On 2/5/21 10:21 AM, Michal Koutný wrote:
> On Fri, Feb 05, 2021 at 07:48:10AM -0700, Tom Hromatka
> <tom.hroma...@oracle.com> wrote:
>> I can't find an easy workaround for the netlink socket. In another
>> forum, Stephane posted this possible workaround [1], but no
>> matter what I tried, I couldn't get the permissions straightened
>> out to successfully run setns within the container.
>
> Ah. I also see now that the NETLINK_CONNECTOR/CN_IDX_PROC supports
> neither PID namespaces nor user namespaces. So there's little to
> gain by overcoming this.

Thanks for looking into it further. I guessed as much, which
is why I didn't spend too much time on it.
I can't think of a real-world use case where adding such
support would be useful. Other than for testing, running
cgrules inside of a container doesn't make a lot of sense :).
Thanks.
Tom