On Sep 24, 2014, at 12:43 PM, Eric W. Biederman wrote:
> Serge Hallyn writes:
>
>> Isolation is provided by the devices cgroup. You want something more
>> than isolation.
>>
>> Quoting riya khanna (riyakhanna1...@gmail.com):
>>> My use case for having device namespaces is device isolation. I
I guess policy-based multiplexing (or exclusive ownership) is the usage. What
kind of devices (loop, fb, etc.) this is needed for depends on the usage. If
there are multiple FBs, then each container could potentially own one. One may
want to provide exclusive ownership of input devices to one co
Serge Hallyn writes:
> Isolation is provided by the devices cgroup. You want something more
> than isolation.
>
> Quoting riya khanna (riyakhanna1...@gmail.com):
>> My use case for having device namespaces is device isolation. Isn't what
>> namespaces are there for (as I understand)?
Namespaces
Quoting Eric W. Biederman (ebied...@xmission.com):
> riya khanna writes:
>
> > (Please pardon multiple emails, artifact of merging all separate
> > conversations)
> >
> > Thanks for your feedback!
> >
> > Letting the kernel know about what devices a container could access (based
> > on
> > dev
Isolation is provided by the devices cgroup. You want something more
than isolation.
Quoting riya khanna (riyakhanna1...@gmail.com):
> My use case for having device namespaces is device isolation. Isn't what
> namespaces are there for (as I understand)? Not everything should be
> accessible (or e
riya khanna writes:
> (Please pardon multiple emails, artifact of merging all separate
> conversations)
>
> Thanks for your feedback!
>
> Letting the kernel know about what devices a container could access (based on
> device cgroups) and having devtmpfs in the kernel create device nodes for a
>