Re: cgroup attach/fork hooks consistency with the ns_cgroup

Quoting Paul Menage (menage@xxxxxxxxxx):
> On Wed, Jun 17, 2009 at 2:26 PM, Serge E. Hallyn<serue@xxxxxxxxxx> wrote:
> >
> > The ns cgroup is really only good for preventing root in a container
> > from escaping its cgroup-imposed limits.  The same can be done today
> > using smack or selinux, and eventually will be possible using user
> > namespaces.  Would anyone object to removing ns_cgroup?
> 
> Sounds reasonable to me. It feels to me that there ought to be some
> good way to integrate namespaces and cgroups, but I'm not quite sure
> exactly how, and ns_cgroup sort of hovers in the "toy" category rather
> than something very useful.

So the question becomes: does the presence of the ns cgroup constitute
an API?  Can we just yank it out?

Daniel, AFAIK liblxc is the only thing that actually uses it.  Do
you mind manually moving the container init into a new cgroup?

-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
