Why do you turn off keyrings? At least the manpages say that userns
virtualizes keyrings or something similar...

On 11.11.2016 at 19:24, Lennart Poettering wrote:
> On Fri, 11.11.16 19:21, Michał Zegan (webczat_...@poczta.onet.pl) wrote:
> 
>> audit/autofs are not properly virtualized, I know. But I thought
>> keyrings and cgroups are.
> 
> most container managers turn off keyrings entirely (as we do in nspawn
> actually).
> 
> delegating controllers in cgroupsv1 is unsafe, if you do it the
> container can make the system hang easily.
> 
> delegating controllers in cgroupsv2 is safe, but cgroupsv2 are
> incomplete as of now, the most relevant controller (cpu) is not
> available for it yet.
> 
> Lennart
> 


_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
