Just to scope how much work it would be to fix rlimits so they are not a problem for user namespaces I took a quick survey. The rlimits can be found in include/uapi/asm-generic/resource.h There are a total of 16 rlimits. There are only 4 rlimits that are enforced at anything other than process granularity. RLIMIT_NPROC RLIMIT_MEMLOCK RLIMIT_SIGPENDING RLIMIT_MSGQUEUE So it should not be difficult to fix those rlimits. I think the implementation of RLIMIT_MEMLOCK is highly suspect, and might be worth reexamining, as RLMIT_MEMLOCK it interpreted differently in different contexts. For the limit there is mm->locked_vm, user->lock_vm, and user->locked_shm. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
