On Do, 11.07.19 09:57, Michal Koutný (mkoutny@xxxxxxxx) wrote: > On Thu, Jun 20, 2019 at 02:19:34PM +0200, Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote: > > Sorry, but there is not, it's not safe, as documented. > > The doc [1] says: > > Think twice before delegating cgroup v1 controllers to less privileged > > containers. It’s not safe, you basically allow your containers to > > freeze the system with that and worse. > > My search-fu is not strong enough and I'm interested in the details. > What controller settings can have such ramifications on the rest of the > system? the rt ones for example. Further further details, ping Tejun Heo. Lennart -- Lennart Poettering, Berlin _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: Delegate v1 cgroup controller permissions
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Delegate v1 cgroup controller permissions
- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
- Date: Thu, 11 Jul 2019 17:51:49 +0200
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <20190711075731.GH9035@blackbody.suse.cz>
- References: <1a437955-52fb-acb6-4e84-c9182f8d3223@lane.uk.net> <20190620121933.GA28717@gardel-login> <20190711075731.GH9035@blackbody.suse.cz>
- References:
- Delegate v1 cgroup controller permissions
- From: John Lane
- Re: Delegate v1 cgroup controller permissions
- From: Lennart Poettering
- Re: Delegate v1 cgroup controller permissions
- From: Michal Koutný
- Delegate v1 cgroup controller permissions
- Prev by Date: Re: systemd's connections to /run/systemd/private ?
- Next by Date: Re: systemd's connections to /run/systemd/private ?
- Previous by thread: Re: Delegate v1 cgroup controller permissions
- Next by thread: swap on zram service unit, using Conflicts=umount
- Index(es):
 |