Ryan,

On 23.02.2015 at 18:37, Ryan Cleere wrote:
> Richard,
>
> I have to disagree that it should require idmap. It is true that without
> idmap the container can freely set its own rlimits, but I believe this
> functionality could be useful to containers that don't run /sbin/init.
> What I mean by that is application specific containers could have their
> limits set without the application having to set them, or even having
> to write a shim to set them.

Sorry, I don't understand. What has running a non /sbin/init to do with that?
Without user namespaces root within the container can bypass these limits.

Thanks,
//richard

--
libvir-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/libvir-list
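The check below is an added example, not part of the original message and not libvirt code. It audits whether a container process could raise hard rlimits that were set from outside, based on the rule that the kernel honours CAP_SYS_RESOURCE for this only in the initial user namespace. The function names and the sample `/proc` contents are constructed, and treating an identity `uid_map` as "no idmap configured" is an assumption of this example.

```python
# Added example: can a container process raise hard rlimits set from outside?
CAP_SYS_RESOURCE = 24      # capability bit number from linux/capability.h
FULL_RANGE = 4294967295    # length of the identity mapping in the initial user namespace


def effective_caps(status_text):
    """Return the CapEff bitmask found in the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def has_idmap(uid_map_text):
    """True if /proc/<pid>/uid_map is not the identity map (assumed: idmap in use)."""
    rows = [tuple(int(f) for f in line.split())
            for line in uid_map_text.splitlines() if line.strip()]
    return rows != [(0, 0, FULL_RANGE)]


def can_raise_hard_rlimits(status_text, uid_map_text):
    """Raising a hard limit needs CAP_SYS_RESOURCE in the initial user namespace,
    so the capability only counts when the process is not behind an idmap."""
    holds_cap = bool((effective_caps(status_text) >> CAP_SYS_RESOURCE) & 1)
    return holds_cap and not has_idmap(uid_map_text)


# Constructed samples of /proc/<pid>/status and /proc/<pid>/uid_map contents.
STATUS_ROOT_ALL_CAPS = "Name:\tapp\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
STATUS_CAP_DROPPED = "Name:\tapp\nUid:\t0\t0\t0\t0\nCapEff:\t0000003ffeffffff\n"
UID_MAP_IDENTITY = "         0          0 4294967295\n"
UID_MAP_IDMAPPED = "         0     100000      65536\n"

if __name__ == "__main__":
    cases = {
        "root, no idmap": (STATUS_ROOT_ALL_CAPS, UID_MAP_IDENTITY),
        "root, idmap": (STATUS_ROOT_ALL_CAPS, UID_MAP_IDMAPPED),
        "root, no idmap, CAP_SYS_RESOURCE dropped": (STATUS_CAP_DROPPED, UID_MAP_IDENTITY),
    }
    for name, (status, uid_map) in cases.items():
        verdict = "can raise" if can_raise_hard_rlimits(status, uid_map) else "cannot raise"
        print(f"{name}: {verdict} hard rlimits")
```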
