[libvirt] How does virsh lxc-enter-namespace work? Does it?

Hi! I'm facing the issue that "virsh lxc-enter-namespace ..." does not work for me. setns() always fails with EINVAL. Reading the code confused me a bit, maybe you can help me. :D virsh itself calls: cmdLxcEnterNamespace() virDomainLxcOpenNamespace() conn->driver->domainLxcOpenNamespace() Here comes the first thing that is not clear to me. conn->driver seems to be the remote driver and therefore ->domainLxcOpenNamespace is remoteDomainLxcOpenNamespace() Why is lxc:/// a remote connection? remoteDomainLxcOpenNamespace() does a rpc call to libvirtd. On the remote side libvirtd does: lxcDispatchDomainOpenNamespace(), which opens the namespace fds, and sends them back as result. How can this work? Does it somewhere magic file descriptor passing on AF_UNIX? virsh then receives the fd's (pure numbers) and setns() failed badly. Wouldn't it make much more sense to do the open(/proc/XXX/ns/{mnt, user, ...}) and setns() calls directly on the local side? IOW directly in virsh? driver->domainLxcOpenNamespace() should only report the process id of the container's init process. Thanks, //richard