Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> writes: > Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx): >> Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> writes: >> >> > I actually was waiting for Eric to do it, but I'll happily send it >> > to linux-fsdevel and lkml (in a bit). >> >> I might just. >> >> I will take a look at this in a week or so. I want to get through the >> core userspace bits first so I can just cross those off my list of >> things that need to be done. >> >> Eric > > Ok, I'll wait on sending it then - thanks. Next up is my patch to shadow-utils and then taking a good hard stare at what is left kernel side. One of the questions I need to answer is: Do cgroups actually work for what needs to be limited? Or does the the focus of cgroups on processes without other ownership in objects fundamentally limit what can be expressed with cgroups in a problematic way. In which case would some hierarchical limits based on user namespaces and rlimits be easier to implement and make more sense. I think the answer will be that cgroups are good enough but that question certainly needs looking at. Anyway. shadow-utils, minimal tmpfs, minimal devpts, and then the rest. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
