Paul Menage wrote:
> On 7/12/07, Kirill Korotaev <[EMAIL PROTECTED]> wrote:
>
>> Not sure why it requires some additional controller, but surely
>> it is possible to create a match for iptables matching container ID.
>
> But which container ID? Don't forget that a task is in one container
> in each hierarchy of which there could be more than one. At its
> simplest this new subsystem could just be a way to tell iptables which
> hierarchy to look at when matching based on container id. In practice
> it's probably reasonable to make the "iptables container id"
> user-settable since userspace is building the iptables rules and might
> want to use its own numbering scheme for the ids. (E.g. all container
> IDs in a particular range have the same kinds of permissions).

Won't hierarchy:container-name pair help? :@)

Kirill
