[lxc-users] Do nested containers require that unprivileged container creation be supported?

Nels Nelson nels.n.nelson at gmail.com
Sat Apr 5 17:00:27 UTC 2014


One more bit aside, I've a python script which does a little cgroup
wrangling that accomplishes some cgroup nesting for me.  It can
successfully do things like limit the memory of processes using that inner
cgroup.  This of course doesn't rely on apparmor, as it just manipulates
the cgroup definitions for the target process a bit.  This is what leads me
to wonder if/why apparmor is strictly necessary for the lxc nesting, or if
there are other alternatives (even if those alternatives are trickier.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140405/1ec81c2f/attachment.html>


More information about the lxc-users mailing list