[lxc-devel] [PATCH] Unshare user namespace as well

Mikhail Gusarov dottedmag at dottedmag.net
Tue May 4 20:09:49 UTC 2010


Daniel.

 >> Unshare user namespace to make sure setrlimit and other per-user
 >> limits are accounted properly in containers

[skip]

 DL> I am not sure to see all the implications of having this namespace
 DL> by default, especially for application containers which can be
 DL> executed by non-root user. I think it would make sense to make this
 DL> flag optional with the configuration.

Fully agree. I don't use LXC at the moment, so don't expect new patch
From me -- I will scratch one when I get to using LXC again unless
someone else implements it before.

-- 
  http://fossarchy.blogspot.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20100505/59cb194d/attachment.pgp>


More information about the lxc-devel mailing list