[systemd-devel] systemd-nspawn containers
Michał Zegan
webczat_200 at poczta.onet.pl
Fri Nov 11 18:36:02 UTC 2016
Why do you turn off keyrings? At least the manpages say that userns
virtualizes keyrings or something similar...
On 11.11.2016 at 19:24, Lennart Poettering wrote:
> On Fri, 11.11.16 19:21, Michał Zegan (webczat_200 at poczta.onet.pl) wrote:
>
>> audit/autofs are not properly virtualized, I know. But I thought
>> keyrings and cgroups are.
>
> most container managers turn off keyrings entirely (as we do in nspawn
> actually).
>
> delegating controllers in cgroupsv1 is unsafe, if you do it the
> container can make the system hang easily.
>
> delegating controllers in cgroupsv2 is safe, but cgroupsv2 are
> incomplete as of now, the most relevant controller (cpu) is not
> available for it yet.
>
> Lennart
>