[Lxc-users] clarifications on user ns
Niklas Fuchs
nkfuchs at yahoo.de
Thu May 30 11:11:33 UTC 2013
Hi,

I played around with my Debian image and user namespaces and have some
questions:

cgroup limits: they don't seem to apply to a container with user ns,
right? I set
lxc.cgroup.memory.limit_in_bytes = 2M
but nothing gets killed, the container starts normally.
Can I limit resources anyhow?

caps: from http://lwn.net/Articles/531114/
"unprivileged processes can create user namespaces in which they have
full privileges, which in turn allows any other type of namespace to be
created inside a user namespace."
Does that mean that the other namespaces (like net etc.) are like a child
of the user ns? I have full caps in the container; I noticed that cap
restrictions from the config don't seem to have an effect (tested e.g.
net_raw, net_admin and I'm still able to do everything with the eth0
inside the container).

lxc-checkconfig shows everything as enabled.

Thanks, Niklas
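
Added example (not part of the original post and not LXC's own code): a small Python check that decodes the capability masks and uid map of a process from /proc, so that a setting such as dropping net_raw and net_admin can be verified directly instead of by trying things on eth0. The sample status text and the 100000 uid mapping are constructed values.

```python
#!/usr/bin/env python3
"""Show which capabilities and uid mapping a process really has, from /proc."""

# Bit numbers from <linux/capability.h>; the two the post tested, plus one control.
CAPS = {"net_admin": 12, "net_raw": 13, "sys_admin": 21}

# Constructed sample: /proc/<pid>/status excerpt with bits 12 and 13 cleared.
SAMPLE_STATUS = """Name:\tbash
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t0000001fffffcfff
CapEff:\t0000001fffffcfff
CapBnd:\t0000001fffffcfff
"""
# Constructed sample: container uid 0 mapped to host uid 100000, 65536 ids.
SAMPLE_UID_MAP = "         0     100000      65536\n"
INITIAL_NS_MAP = [(0, 0, 4294967295)]  # identity map seen outside any user ns


def parse_cap_masks(status_text):
    """Return the Cap* lines of a status file as {name: int bitmask}."""
    masks = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            masks[key] = int(value.strip(), 16)
    return masks


def has_cap(mask, name):
    """True when the bit for the named capability is set in the mask."""
    return bool((mask >> CAPS[name]) & 1)


def parse_uid_map(map_text):
    """Each row is (first id inside the ns, first id outside, range length)."""
    return [tuple(map(int, l.split())) for l in map_text.splitlines() if l.strip()]


def report(status_text, map_text):
    masks, uid_map = parse_cap_masks(status_text), parse_uid_map(map_text)
    root = [out - ins for ins, out, n in uid_map if ins <= 0 < ins + n]
    return {
        "userns_mapped": uid_map != INITIAL_NS_MAP,
        "root_maps_to": root[0] if root else None,
        "effective": {c: has_cap(masks["CapEff"], c) for c in CAPS},
        "bounding": {c: has_cap(masks["CapBnd"], c) for c in CAPS},
    }


if __name__ == "__main__":
    print("sample:", report(SAMPLE_STATUS, SAMPLE_UID_MAP))
    print("this process:", report(open("/proc/self/status").read(),
                                  open("/proc/self/uid_map").read()))
```

Run inside the container, the "this process" line reflects the shell it was started from; the capability bits reported there are relative to that process's own user namespace.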