Provided by: libpcp-pmda3-dev_3.10.8build1_amd64 bug


       pmdaRootConnect,  pmdaRootShutdown, pmdaRootContainerHostName, pmdaRootContainerProcessID,
       pmdaRootContainerCGroupName - privileged PCP collector services


       #include <pcp/pmapi.h>
       #include <pcp/pmda.h>

       int pmdaRootConnect(void);
       void pmdaRootShutdown(int fd);
       int pmdaRootContainerHostName(int fd, char *name, int namelen, char *buffer, int buflen);
       int pmdaRootContainerProcessID(int fd, char *name, int namelen);
       int pmdaRootContainerCGroupName(int fd, char *name, int namelen, char *buffer, int

       cc ... -lpcp_pmda -lpcp


       pmdaRootConnect  initializes  an  IPC  channel  between a PCP collector process - either a
       PMDA(3) or pmcd(1) itself - and the pmdaroot(1) server.

       On success, the return  value  from  pmdaRootConnect  is  a  unix(7)  domain  socket  file
       descriptor,  which  can  be  subsequently passed to each of the other APIs described here.
       This channel can be used to perform limited privilege escalation  for  specific  scenarios
       needed   by   PCP   collector   services.   The  channel  can  be  deactivated  using  the
       pmdaRootShutdown interface.

       Currently, these services provide access to  the  container  facilities  of  modern  Linux
       distributions,   as  needed  by  various  agents  accessing  kernel  features  related  to

       pmdaRootContainerHostName allows lookup of the current hostname for a named  container  on
       behalf of an unprivileged process, via the setns(3) system call on Linux.  On success, the
       hostname is returned in the supplied buffer, of size buflen and the return value indicates
       the length of the hostname.

       pmdaRootContainerProcessID performs a name to process identifier translation - on success,
       the return value is the identifier of the first process started (process 1) in  the  named

       pmdaRootContainerCGroupName  fills  the  supplied buffer with the engine-specific names of
       kernel control groups that have been used to build the container identified by name.  When
       successful,  the  return  value  indicates  the length of the cgroup name resolved for the

       The name of the container is interpreted by pmdaroot(1), which attempts to  match  up  the
       specified  name with one of the implementations of containers that it is aware of.  Hence,
       the name argument is potentially  interpreted  differently,  depending  on  the  installed
       container engine, as determined internally by pmdaroot(1)).

       In the case of the Docker container engine, for example, a valid container name can be the
       unique hash identifier, the human-readable name, or any unique identifier substring.  This
       is the algorithm used by the Docker client tools themselves.


       All  pmdaRoot  interfaces  will  return  negative  status  codes  suitable  for passing to


       pmcd(1), pmdaroot(1), pmErrStr_r(3), PMDA(3), setns(3) and unix(7).