On Fri, 11.11.16 19:21, Michał Zegan (webczat_...@poczta.onet.pl) wrote:

> audit/autofs are not properly virtualized, I know. But I thought
> keyrings and cgroups are.

most container managers turn off keyrings entirely (as we do in nspawn actually). delegating controllers in cgroupsv1 is unsafe, if you do it the container can make the system hang easily. delegating controllers in cgroupsv2 is safe, but cgroupsv2 are incomplete as of now, the most relevant controller (cpu) is not available for it yet.

Lennart

--
Lennart Poettering, Red Hat