Hello, Will there be a limitation of the number of processes per cgroup (task counter subsystem from Frederic Weisbecker)? I guess this would be interesting for many users especially in connection with LXC. As long as this is not implemented our security policy prevents us from using LXC. I could isolate resources quite well, however, I am still able to bomb the host system once I become root in LXC-guests. I tried to circumvent this problem with apparmor, rlimits etc. but was not successful, see http://sourceforge.net/mailarchive/forum.php?thread_name=CAJ75kXYapfC_ihVyshWyGQqBL_jJbLJitgOscaCt1ciNyoyokg%40mail.gmail.com&forum_name=lxc-devel Is there any plan for such an implementation? bye, Robert -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
