[lxc-devel] Memory Resources
Krzysztof Taraszka
krzysztof.taraszka at gnuhosting.net
Mon Aug 24 00:58:23 UTC 2009
2009/8/23 Daniel Lezcano <daniel.lezcano at free.fr>
(...)
> With the lxc tools I did:
>
> lxc-execute -n foo /bin/bash
> echo 268435456 > /cgroup/foo/memory.limit_in_bytes
> mount --bind /cgroup/foo/memory.meminfo /proc/meminfo
> for i in $(seq 1 100); do sleep 3600 & done
(...)
>
> :)
>
>
hmmm... I think that access to the cgroup inside container is very risk
because I am able to manage for example memory resources (what if I am not
the host owner and... I can give me via non-secure mounted /cgroup (inside
container) all available memory resources...).
I think that the /proc/meminfo should be pass to the container in the other
way, but this is the topic for the other thread.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20090824/e35b4786/attachment.html>
More information about the lxc-devel
mailing list