On Fri, Jan 30, 2015 at 4:32 PM, Ryan Cleere <rcleere@xxxxxxxxx> wrote:
> I guess I don't really have an argument for or against removing some of them
> from <rlimits>. The original patch that I wrote and we use internally only
> allowed setting of RLIMIT_NOFILE, but when I went to publish it back to this
> list it was trivial to just make it a generic interface to all of the
> RLIMIT_* tunables. I don't have a need for them at this time, but I figured
> someone else might find them useful. But if this list can come up with a set
> we want included/excluded then the <rlimits> section can be modified
> accordingly. Although it might be confusing to an operator who is reading
> the setrlimit(2) manpage and can't understand why they can't set the limit
> they are interested in.

BTW: This should depend on idmap (user namespaces set up).
Without user namespaces root can bypass/reset all these limits.

--
Thanks,
//richard

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
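
The idmap dependency raised in the reply above can be checked from the host by reading a container's `/proc/<pid>/uid_map`. The following is an added example, not code from this thread or from libvirt; `map_uid` and `root_is_remapped` are hypothetical names. It is a heuristic that assumes a 0-to-0 mapping means container root is host root, which per setrlimit(2) matters because raising a hard limit needs CAP_SYS_RESOURCE in the initial user namespace.

```c
#include <stdio.h>

/* Translate a uid seen inside a namespace to the uid outside it, given the
 * text of /proc/<pid>/uid_map: one "inside outside count" extent per line.
 * Returns 0 and sets *outside on success, -1 if unmapped or malformed. */
int map_uid(const char *uid_map, unsigned long uid, unsigned long *outside)
{
    const char *p = uid_map;
    while (*p) {
        unsigned long in, out, count;
        int used = 0;
        if (sscanf(p, " %lu %lu %lu%n", &in, &out, &count, &used) != 3)
            return -1;                      /* malformed extent */
        if (uid >= in && uid - in < count) {
            *outside = out + (uid - in);    /* offset within the extent */
            return 0;
        }
        p += used;
        while (*p == ' ' || *p == '\t' || *p == '\n')
            p++;                            /* move to the next extent */
    }
    return -1;                              /* uid not covered by any extent */
}

/* 1: uid 0 maps to a non-zero host uid (an idmap is in effect)
 * 0: uid 0 is host uid 0 (assumed here: no effective user namespace)
 * -1: uid 0 is unmapped or the map could not be parsed */
int root_is_remapped(const char *uid_map)
{
    unsigned long host;
    if (map_uid(uid_map, 0, &host) != 0)
        return -1;
    return host != 0;
}

int main(int argc, char **argv)
{
    char path[64], buf[4096];
    /* Optional argument: pid of the container's init process on the host. */
    snprintf(path, sizeof path, "/proc/%s/uid_map", argc > 1 ? argv[1] : "self");
    FILE *f = fopen(path, "r");
    if (!f) { perror(path); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    int r = root_is_remapped(buf);
    puts(r == 1 ? "uid 0 remapped: rlimits hold against container root" :
         r == 0 ? "uid 0 is host root: rlimits can be reset" :
                  "uid 0 unmapped or map unreadable");
    return r == 1 ? 0 : 1;
}
```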