[lxc-users] cgroup settings not honored

Patrick Brauer mercora at lileth.net
Sun Oct 19 12:07:44 UTC 2014


Ok, I found out what made the rules fail... But not why cgmanager
behaved like it did... systemd (yuck, again) mounts cgroups inside the
container and rearranges its own tasks, making any settings previously
made ineffective... Premounting it ro did indeed make systemd aware
that I won't like it to mess around with these... Although that does
not make it impossible, at least it does behave like I would like it
to. Dropping sys_admin seems to let it fail early because it wants to
mount several filesystems and I need to investigate further if it
would be enough to premount them....

However, this is not an issue with lxc (but with cgmanager maybe). I
was assuming that containers should not be able to do these kinds of
things, which was just wrong... Anyhow, thanks to anybody listening ^^
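
An added example, not part of the original post: one way to audit, from inside a container, the two conditions the message describes, namely whether any cgroup hierarchy is still mounted writable and whether CAP_SYS_ADMIN remains in the bounding set (a process needs it to mount or remount filesystems). The function names and the sample `/proc` contents are constructed for illustration.

```python
# Added example: audit cgroup mounts and the capability bounding set.
CAP_SYS_ADMIN = 21  # bit number from linux/capability.h

# Constructed sample of /proc/self/mountinfo as seen inside a container.
SAMPLE_MOUNTINFO = """\
60 50 0:25 / /sys/fs/cgroup ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
61 60 0:26 /lxc/c1 /sys/fs/cgroup/cpu ro,relatime - cgroup cgroup rw,cpu
62 60 0:27 /lxc/c1 /sys/fs/cgroup/memory rw,relatime - cgroup cgroup rw,memory
63 50 0:30 / /proc rw,nosuid - proc proc rw
"""
# Constructed sample of /proc/self/status (only the line that is parsed).
SAMPLE_STATUS = "Name:\tsystemd\nCapBnd:\t0000003fffffffff\n"


def writable_cgroup_mounts(mountinfo):
    """Return mount points of cgroup filesystems that are not read-only."""
    found = []
    for line in mountinfo.splitlines():
        fields = line.split()
        if "-" not in fields:
            continue
        sep = fields.index("-")  # separates optional fields from fs type
        if sep < 6 or len(fields) < sep + 4:
            continue
        mount_point, mount_opts = fields[4], fields[5].split(",")
        fstype, super_opts = fields[sep + 1], fields[sep + 3].split(",")
        if fstype not in ("cgroup", "cgroup2"):
            continue
        # Read-only if either the mount or its superblock is flagged ro.
        if "ro" not in mount_opts and "ro" not in super_opts:
            found.append(mount_point)
    return found


def has_sys_admin(status):
    """True if CAP_SYS_ADMIN is in the capability bounding set."""
    for line in status.splitlines():
        if line.startswith("CapBnd:"):
            return bool((int(line.split()[1], 16) >> CAP_SYS_ADMIN) & 1)
    raise ValueError("no CapBnd line found")


def audit(mountinfo, status):
    """Summarize both checks for one process's view of /proc."""
    return {"writable_cgroups": writable_cgroup_mounts(mountinfo),
            "sys_admin_in_bounding_set": has_sys_admin(status)}


if __name__ == "__main__":
    print(audit(SAMPLE_MOUNTINFO, SAMPLE_STATUS))
```

To check a live container, pass the contents of `/proc/self/mountinfo` and `/proc/self/status` read from inside it instead of the samples.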

