On 7/12/07, Kirill Korotaev <[EMAIL PROTECTED]> wrote:
>
> Not sure why it requires some additional controller, but surely
> it is possible to create a match for iptables matching container ID.

But which container ID? Don't forget that a task is in one container
in each hierarchy of which there could be more than one. At its
simplest this new subsystem could just be a way to tell iptables which
hierarchy to look at when matching based on container id. In practice
it's probably reasonable to make the "iptables container id"
user-settable since userspace is building the iptables rules and might
want to use its own numbering scheme for the ids. (E.g. all container
IDs in a particular range have the same kinds of permissions).

Paul

_______________________________________________
ckrm-tech mailing list
https://lists.sourceforge.net/lists/listinfo/ckrm-tech
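
The point made in the reply above about per-hierarchy membership and a user-settable id, modelled as an added example that is not part of the original message nor any kernel or iptables code. The hierarchy names, the `net_id` field, the rule ranges and the fail-closed default are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Container:
    hierarchy: str                 # hierarchy this container lives in
    path: str                      # position inside that hierarchy
    net_id: Optional[int] = None   # hypothetical user-settable filter id

@dataclass
class Task:
    pid: int
    membership: Dict[str, Container]   # exactly one container per hierarchy

@dataclass(frozen=True)
class Rule:
    lo: int        # inclusive lower bound of the id range
    hi: int        # inclusive upper bound of the id range
    verdict: str

def packet_id(task: Task, id_hierarchy: str) -> Optional[int]:
    """Id the filter would see: read only from the designated hierarchy."""
    c = task.membership.get(id_hierarchy)
    return None if c is None else c.net_id

def verdict(task: Task, rules: List[Rule], id_hierarchy: str,
            default: str = "DROP") -> str:
    """First matching range wins; a task with no id gets the default
    (assumed fail-closed so unlabelled tasks are not implicitly allowed)."""
    cid = packet_id(task, id_hierarchy)
    if cid is not None:
        for r in rules:
            if r.lo <= cid <= r.hi:
                return r.verdict
    return default

# Constructed sample data: three tasks share one "cpu" container but differ
# in the "net" hierarchy, so "the container id" is ambiguous without naming
# the hierarchy to read it from.
BATCH = Container("cpu", "/batch")
T100 = Task(100, {"cpu": BATCH, "net": Container("net", "/web", 1001)})
T200 = Task(200, {"cpu": BATCH, "net": Container("net", "/guest", 2001)})
T300 = Task(300, {"cpu": BATCH})   # never placed in the "net" hierarchy
RULES = [Rule(1000, 1999, "ACCEPT"), Rule(2000, 2999, "REJECT")]

if __name__ == "__main__":
    for t in (T100, T200, T300):
        print(t.pid, packet_id(t, "net"), verdict(t, RULES, "net"))
```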
