[systemd-devel] Delegate v1 cgroup controller permissions
Michal Koutný
mkoutny at suse.com
Thu Jul 11 07:57:32 UTC 2019
On Thu, Jun 20, 2019 at 02:19:34PM +0200, Lennart Poettering <lennart at poettering.net> wrote:
> Sorry, but there is not, it's not safe, as documented.
The doc [1] says:
> Think twice before delegating cgroup v1 controllers to less privileged
> containers. It’s not safe, you basically allow your containers to
> freeze the system with that and worse.
My search-fu is not strong enough and I'm interested in the details.
What controller settings can have such ramifications on the rest of the
system?
Thanks,
Michal
[1] https://systemd.io/CGROUP_DELEGATION
More information about the systemd-devel
mailing list