On Thu, Jul 17, 2014 at 12:52 PM, Aditya Kali <adityakali@xxxxxxxxxx> wrote: > Introduce the ability to create new cgroup namespace. The newly created > cgroup namespace remembers the 'struct cgroup *root_cgrp' at the point > of creation of the cgroup namespace. The task that creates the new > cgroup namespace and all its future children will now be restricted only > to the cgroup hierarchy under this root_cgrp. In the first version, > setns() is not supported for cgroup namespaces. > The main purpose of cgroup namespace is to virtualize the contents > of /proc/self/cgroup file. Processes inside a cgroup namespace > are only able to see paths relative to their namespace root. > This allows container-tools (like libcontainer, lxc, lmctfy, etc.) > to create completely virtualized containers without leaking system > level cgroup hierarchy to the task. What happens if someone moves a task in a cgroup namespace outside of the namespace root cgroup? --Andy _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
