From 49ee6cdcbf79d8b6fa617479ec8ab753ccca923d Mon Sep 17 00:00:00 2001
From: Christian Seiler <christian@iwakd.de>
Date: Thu, 23 Feb 2012 09:57:14 +0100
Subject: Add man page for lxc-attach

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
---
 configure.ac           |   1 +
 doc/Makefile.am        |   1 +
 doc/lxc-attach.sgml.in | 189 +++++++++++++++++++++++++++++++++++++++++++++++++
 doc/see_also.sgml.in   |   5 ++
 4 files changed, 196 insertions(+)
 create mode 100644 doc/lxc-attach.sgml.in

diff --git a/configure.ac b/configure.ac
index 02f652b..f43dc07 100644
--- a/configure.ac
+++ b/configure.ac
@@ -120,6 +120,7 @@ AC_CONFIG_FILES([
 	doc/lxc-ps.sgml
 	doc/lxc-cgroup.sgml
 	doc/lxc-kill.sgml
+	doc/lxc-attach.sgml
 	doc/lxc.conf.sgml
 	doc/lxc.sgml
 	doc/common_options.sgml
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 8530ee9..b18c5eb 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -23,6 +23,7 @@ man_MANS = \
 	lxc-ps.1 \
 	lxc-cgroup.1 \
 	lxc-kill.1 \
+	lxc-attach.1 \
 	\
 	lxc.conf.5 \
 	\
diff --git a/doc/lxc-attach.sgml.in b/doc/lxc-attach.sgml.in
new file mode 100644
index 0000000..6ae6f03
--- /dev/null
+++ b/doc/lxc-attach.sgml.in
@@ -0,0 +1,189 @@
+<!--
+
+lxc: linux Container library
+
+(C) Copyright IBM Corp. 2007, 2008
+
+Authors:
+Daniel Lezcano <dlezcano at fr.ibm.com>
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+-->
+
+<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [
+
+<!ENTITY commonoptions SYSTEM "@builddir@/common_options.sgml">
+<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
+]>
+
+<refentry>
+
+  <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
+
+  <refmeta>
+    <refentrytitle>lxc-attach</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>lxc-attach</refname>
+
+    <refpurpose>
+      start a process inside a running container.
+    </refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis><command>lxc-attach <replaceable>-n
+    name</replaceable> <optional>-a
+    arch</optional> <optional>-e</optional>
+    <optional>-- command</optional></command></cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>
+      <command>lxc-attach</command> runs the specified
+      <replaceable>command</replaceable> inside the container
+      specified by <replaceable>name</replaceable>. The container
+      has to be running already.
+    </para>
+    <para>
+      If no <replaceable>command</replaceable> is specified, the
+      current default shell of the user running
+      <command>lxc-attach</command> will be looked up inside the
+      container and executed. This will fail if no such user exists
+      inside the container or the container does not have a working
+      nsswitch mechanism.
+    </para>
+
+  </refsect1>
+
+  <refsect1>
+
+    <title>Options</title>
+
+    <variablelist>
+
+      <varlistentry>
+	<term>
+	  <option>-a, --arch <replaceable>arch</replaceable></option>
+	</term>
+	<listitem>
+	  <para>
+	    Specify the architecture which the kernel should appear to be
+	    running as to the command executed. This option will accept the
+	    same settings as the <option>lxc.arch</option> option in
+	    container configuration files, see
+	    <citerefentry>
+	      <refentrytitle><filename>lxc.conf</filename></refentrytitle>
+	      <manvolnum>5</manvolnum>
+	    </citerefentry>. By default, the current archictecture of the
+	    running container will be used.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term>
+	  <option>-e, --elevated-privileges</option>
+	</term>
+	<listitem>
+	  <para>
+	    Do not drop privileges when running
+	    <replaceable>command</replaceable> inside the container. If
+	    this option is specified, the new process will
+	    <emphasis>not</emphasis> be added to the container's cgroup(s)
+	    and it will not drop its capabilities before executing.
+	  </para>
+	  <para>
+	    <emphasis>Warning:</emphasis> This may leak privileges into the
+	    container if the command starts subprocesses that remain active
+	    after the main process that was attached is terminated. The
+	    (re-)starting of daemons inside the container is problematic,
+	    especially if the daemon starts a lot of subprocesses such as
+	    <command>cron</command> or <command>sshd</command>.
+	    <emphasis>Use with great care.</emphasis>
+	  </para>
+	</listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </refsect1>
+
+  &commonoptions;
+
+  <refsect1>
+    <title>Examples</title>
+      <para>
+        To spawn a new shell running inside an existing container, use
+        <programlisting>
+          lxc-attach -n container
+        </programlisting>
+      </para>
+      <para>
+        To restart the cron service of a running Debian container, use
+        <programlisting>
+          lxc-attach -n container -- /etc/init.d/cron restart
+        </programlisting>
+      </para>
+      <para>
+        To deactivate the network link eth1 of a running container that
+        does not have the NET_ADMIN capability, use the <option>-e</option>
+        option to use increased capabilities:
+        <programlisting>
+          lxc-attach -n container -e -- /sbin/ip link delete eth1
+        </programlisting>
+      </para>
+    <variablelist>
+
+  </refsect1>
+
+  <refsect1>
+    <title>Security</title>
+    <para>
+      The <option>-e</option> should be used with care, as it may break
+      the isolation of the containers if used improperly.
+    </para>
+  </refsect1>
+
+  &seealso;
+
+  <refsect1>
+    <title>Author</title>
+    <para>Daniel Lezcano <email>daniel.lezcano@free.fr</email></para>
+  </refsect1>
+
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:2
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-default-dtd-file:nil
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+-->
diff --git a/doc/see_also.sgml.in b/doc/see_also.sgml.in
index 78b99b4..e400e8b 100644
--- a/doc/see_also.sgml.in
+++ b/doc/see_also.sgml.in
@@ -107,6 +107,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 	<manvolnum>1</manvolnum>
       </citerefentry>,
 
+      <citerefentry>
+	<refentrytitle><command>lxc-attach</command></refentrytitle>
+	<manvolnum>1</manvolnum>
+      </citerefentry>,
+
       <citerefentry>
 	<refentrytitle><command>lxc.conf</command></refentrytitle>
 	<manvolnum>5</manvolnum>
-- 
cgit v1.2.3-65-gdbad