[systemd-devel] systemd-nspawn containers
Lennart Poettering
mzerqung at 0pointer.de
Fri Nov 11 18:24:11 UTC 2016
On Fri, 11.11.16 19:21, Michał Zegan (webczat_200 at poczta.onet.pl) wrote:
> audit/autofs are not properly virtualized, I know. But I thought
> keyrings and cgroups are.
most container managers turn off keyrings entirely (as we do in nspawn
actually).

delegating controllers in cgroupsv1 is unsafe, if you do it the
container can make the system hang easily.

delegating controllers in cgroupsv2 is safe, but cgroupsv2 are
incomplete as of now, the most relevant controller (cpu) is not
available for it yet.
Lennart
--
Lennart Poettering, Red Hat