-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/26/2010 09:59 AM, Matthew Miller wrote: > On Wed, Aug 25, 2010 at 10:13:05PM -0400, Daniel J Walsh wrote: >>> Hmm, why is libcgroup pulled in by policycoreutils? What's the >>> rationale? >> It is used for confining sandboxes. > > Having now looked at both projects, it appears to me that they are in > conflict. They could be made to work side by side, in the same way that > systemd's cron replacement feature doesn't necessarily mean that you can't > run traditional crond, but there is significant overlap in terms of > categorization policy. That is, libcgroup uses cgclassify to put stuff into > cgroups, whereas systemd uses pam_systemd for users and creates cgroups > automatically for services. > > This overlap doesn't seem good for the distribution. > > > Dan, *could* systemd as it stands provide what you need for sandboxes? > > I don't know. My goal with sandbox was to allow users to startup sandboxes in such a way that they could be still killed. Is there a way in cgroups to say dwalsh gets 80% CPU Then allow dwalsh to specify sandboxes can only use 80% of His CPU. So he can kill them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkx2nqEACgkQrlYvE4MpobP9jQCghPHINsT/EVQb3CpTVwAcQ4B3 mxoAn3TAGBAc6JFSQOioD/LhXpQ4F3n6 =4w6A -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
