On Thu, Jun 20, 2019 at 02:19:34PM +0200, Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote: > Sorry, but there is not, it's not safe, as documented. The doc [1] says: > Think twice before delegating cgroup v1 controllers to less privileged > containers. It’s not safe, you basically allow your containers to > freeze the system with that and worse. My search-fu is not strong enough and I'm interested in the details. What controller settings can have such ramifications on the rest of the system? Thanks, Michal [1] https://systemd.io/CGROUP_DELEGATION _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: Delegate v1 cgroup controller permissions
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Delegate v1 cgroup controller permissions
- From: Michal Koutný <mkoutny@xxxxxxxx>
- Date: Thu, 11 Jul 2019 09:57:32 +0200
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <20190620121933.GA28717@gardel-login>
- References: <1a437955-52fb-acb6-4e84-c9182f8d3223@lane.uk.net> <20190620121933.GA28717@gardel-login>
- User-agent: Mutt/1.10.1 (2018-07-13)
- Follow-Ups:
- Re: Delegate v1 cgroup controller permissions
- From: Lennart Poettering
- Re: Delegate v1 cgroup controller permissions
- References:
- Delegate v1 cgroup controller permissions
- From: John Lane
- Re: Delegate v1 cgroup controller permissions
- From: Lennart Poettering
- Delegate v1 cgroup controller permissions
- Prev by Date: Re: systemd's connections to /run/systemd/private ?
- Next by Date: Re: systemd's connections to /run/systemd/private ?
- Previous by thread: Re: Delegate v1 cgroup controller permissions
- Next by thread: Re: Delegate v1 cgroup controller permissions
- Index(es):
 |