Hi, I disabled the cgroup mount in the container and used apparmor to restrict
the mounting of cgroup.
It works.
I will try the user namespace later with a new kernel. thx Gao feng.
------------------
:)
------------------ Original ------------------
From: <zhon...@foxmail.com>;
Date: Mon, Aug 26, 2013 05:17 PM
To: "Gao feng"<gaof...@cn.fujitsu.com>;
Cc: "libvirt-users"<libvirt-users@redhat.com>;
Subject: Re: [libvirt-users] How to deal with LXC cgroup access control
with apparmor ?
OOPS:
"If I do not want to disable the cgroup in container" ==> "If I do want
to disable the cgroup in container"
I meant if the user namespace is not enabled in the kernel ...
thx, I will try user namespace later. I am not working on x86 and not sure
whether the user namespace is ok in the kernel I am going to use.
I would try to disable the cgroup in lxc first.
THX to Gao feng.
------------------ Original ------------------
From: "Gao feng"<gaof...@cn.fujitsu.com>;
Date: Mon, Aug 26, 2013 05:07 PM
To: "jj"<j...@yuzao.org>;
Cc: "libvirt-users"<libvirt-users@redhat.com>;
Subject: Re: [libvirt-users] How to deal with LXC cgroup access control
with apparmor ?
On 08/26/2013 04:36 PM, jj wrote:
> thx, Gao feng,
> If I do not want to disable the cgroup in the container, is there any config
> file? Or do I have to do something to the libvirt source code
> to skip it?
>
>
Sorry, I don't quite understand what your request is.
Enabling user namespace doesn't disable cgroup in the container; it will make the user
in the container have no rights to change the cgroup settings.
Thanks
_______________________________________________
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users