LXC-ATTACH(1)
NAME
lxc-attach - start a process inside a running container.
SYNOPSIS
lxc-attach -n name [ -a arch ] [ -e ] [ -- command ]
DESCRIPTION
lxc-attach runs the specified command inside the container specified by
name. The container has to be running already.
If no command is specified, the current default shell of the user
running lxc-attach will be looked up inside the container and executed.
This will fail if no such user exists inside the container or the
container does not have a working nsswitch mechanism.
OPTIONS
-a, --arch arch
Specify the architecture which the kernel should appear to be
running as to the command executed. This option will accept the
same settings as the lxc.arch option in container configuration
files, see lxc.conf(5). By default, the current architecture of
the running container will be used.
-e, --elevated-privileges
Do not drop privileges when running command inside the container.
If this option is specified, the new process will not be
added to the container's cgroup(s) and it will not drop its
capabilities before executing.
Warning: This may leak privileges into the container if the command
starts subprocesses that remain active after the main
process that was attached is terminated. The (re-)starting of
daemons inside the container is problematic, especially if the
daemon starts a lot of subprocesses such as cron or sshd. Use
with great care.
COMMON OPTIONS
These options are common to most of lxc commands.
-?, -h, --help
Print a longer usage message than normal.
--usage
Give the usage message.
-q, --quiet
mute on
-o, --logfile=FILE
Output to an alternate log FILE. The default is no log.
-l, --logpriority=LEVEL
Set log priority to LEVEL. The default log priority is ERROR.
Possible values are: FATAL, CRIT, WARN, ERROR, NOTICE, INFO,
DEBUG.
Note that this option sets the priority of the events logged
to the alternate log file. It does not affect the ERROR
events logged on stderr.
-n, --name=NAME
Use container identifier NAME. The container identifier format
is an alphanumeric string.
EXAMPLES
To spawn a new shell running inside an existing container, use
lxc-attach -n container
To restart the cron service of a running Debian container, use
lxc-attach -n container -- /etc/init.d/cron restart
To deactivate the network link eth1 of a running container that does
not have the NET_ADMIN capability, use the -e option to use increased
capabilities:
lxc-attach -n container -e -- /sbin/ip link delete eth1
SECURITY
The -e option should be used with care, as it may break the isolation
of the containers if used improperly.
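An added example, not part of the lxc manual or the LXC project's code: a host-side check for the leak described in the -e warning. It flags processes that share the container init's PID namespace but sit outside its cgroups or hold effective capabilities outside its bounding set. The PIDs, namespace ids, cgroup path /lxc/web1 and capability masks in the sample are constructed, and comparing against the container's init process is an assumed heuristic.

```python
import os

def snapshot(root="/proc"):
    """Collect PID namespace, cgroup paths and capability masks per process."""
    procs = {}
    for name in filter(str.isdigit, os.listdir(root)):
        base = os.path.join(root, name)
        try:
            ns = os.readlink(os.path.join(base, "ns", "pid"))
            with open(os.path.join(base, "cgroup")) as f:  # e.g. 4:memory:/lxc/web1
                cgroups = dict(l.strip().split(":", 2)[::2] for l in f if l.strip())
            with open(os.path.join(base, "status")) as f:
                status = dict(l.split(":", 1) for l in f if ":" in l)
        except OSError:
            continue  # process exited, or we lack permission to inspect it
        procs[int(name)] = {"ns": ns, "cgroups": cgroups, "eff": int(status["CapEff"], 16),
                            "bnd": int(status["CapBnd"], 16)}
    return procs

def find_leaked(procs, init_pid):
    """Map pid -> reasons for processes that kept host cgroups or capabilities."""
    init, leaked = procs[init_pid], {}
    for pid, p in procs.items():
        if pid == init_pid or p["ns"] != init["ns"]:
            continue  # only look at processes inside the container's PID namespace
        reasons = []
        for hid, path in init["cgroups"].items():
            got = p["cgroups"].get(hid, "")
            if got != path and not got.startswith(path.rstrip("/") + "/"):
                reasons.append("outside cgroup " + path)
                break
        extra = p["eff"] & ~init["bnd"]  # bits the container's init cannot hold
        if extra:
            reasons.append("extra capabilities 0x%x" % extra)
        if reasons:
            leaked[pid] = reasons
    return leaked

# Constructed sample: the container dropped CAP_NET_ADMIN (bit 12, 0x1000).
FULL, CT = 0x1fffffffff, 0x1fffffefff
HOST_NS, CT_NS = "pid:[4026531836]", "pid:[4026532301]"
SAMPLE = {
    1:    {"ns": HOST_NS, "cgroups": {"1": "/"}, "eff": FULL, "bnd": FULL},
    2100: {"ns": CT_NS, "cgroups": {"1": "/lxc/web1"}, "eff": CT, "bnd": CT},  # init
    2188: {"ns": CT_NS, "cgroups": {"1": "/lxc/web1"}, "eff": CT, "bnd": CT},
    2240: {"ns": CT_NS, "cgroups": {"1": "/"}, "eff": FULL, "bnd": FULL},  # -e leftover
}
if __name__ == "__main__":
    print(find_leaked(SAMPLE, 2100))
```

On a live host, find_leaked(snapshot(), init_pid) runs the same check against /proc; reading other processes' namespace links generally requires root.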
SEE ALSO
lxc(1), lxc-create(1), lxc-destroy(1), lxc-start(1), lxc-stop(1),
lxc-execute(1), lxc-kill(1), lxc-console(1), lxc-monitor(1), lxc-wait(1),
lxc-cgroup(1), lxc-ls(1), lxc-ps(1), lxc-info(1), lxc-freeze(1),
lxc-unfreeze(1), lxc-attach(1), lxc.conf(5)
AUTHOR
Daniel Lezcano <daniel.lezcano@free.fr>
24 May 2013 LXC-ATTACH(1)