On Tue, Jul 19, 2016 at 03:25:08PM +0300, Pavel Tikhomirov wrote: > > > > p.s. I'm not really follow why this feature is needed in container > > at all, i mean the @pid_max virtualization. Presume due to hist. reasons. > > If the only reason was(as far as I understood > https://jira.sw.ru/browse/PSBM-6437) to have more pids available on host(for > pid mapping from containers pids) but not in CT, than actually we can > instead make kernel.pid_max readonly in CT and we won't need c/r-ing it. > > Why pid_max is writable in pidns in Upstream is also a riddle - one can > restrict number of processes to 301 from unprivileged user on hole node, > like: > unshare -Upm --fork --mount-proc sysctl -w kernel.pid_max=301
Fair enough, thanks! _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
