On 7/12/07, Kirill Korotaev <dev@xxxxx> wrote:
> Not sure why it requires some additional controller, but surely it is possible to create a match for iptables matching container ID.
But which container ID? Don't forget that a task is in one container in each hierarchy, of which there could be more than one.

At its simplest this new subsystem could just be a way to tell iptables which hierarchy to look at when matching based on container id.

In practice it's probably reasonable to make the "iptables container id" user-settable since userspace is building the iptables rules and might want to use its own numbering scheme for the ids (e.g. all container IDs in a particular range have the same kinds of permissions).

Paul