[systemd-devel] Delegate v1 cgroup controller permissions
Lennart Poettering
lennart at poettering.net
Thu Jul 11 15:51:49 UTC 2019
On Do, 11.07.19 09:57, Michal Koutný (mkoutny at suse.com) wrote:
> On Thu, Jun 20, 2019 at 02:19:34PM +0200, Lennart Poettering <lennart at poettering.net> wrote:
> > Sorry, but there is not, it's not safe, as documented.
>
> The doc [1] says:
> > Think twice before delegating cgroup v1 controllers to less privileged
> > containers. It’s not safe, you basically allow your containers to
> > freeze the system with that and worse.
>
> My search-fu is not strong enough and I'm interested in the details.
> What controller settings can have such ramifications on the rest of the
> system?
the rt ones for example. Further further details, ping Tejun Heo.
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list