2009/8/23 Daniel Lezcano <[email protected]> (...)
> With the lxc tools I did: > > lxc-execute -n foo /bin/bash > echo 268435456 > /cgroup/foo/memory.limit_in_bytes > mount --bind /cgroup/foo/memory.meminfo /proc/meminfo > for i in $(seq 1 100); do sleep 3600 & done (...) > > :) > > hmmm... I think that access to the cgroup inside container is very risk because I am able to manage for example memory resources (what if I am not the host owner and... I can give me via non-secure mounted /cgroup (inside container) all available memory resources...). I think that the /proc/meminfo should be pass to the container in the other way, but this is the topic for the other thread. _______________________________________________ Containers mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list [email protected] https://openvz.org/mailman/listinfo/devel
