[lxc-users] Elegant way for unprivileged container ulimits

Bostjan Skufca bostjan at a2o.si
Wed Sep 16 07:24:22 UTC 2015


On 15 September 2015 at 19:46, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> It sounds like it may be worthwhile.  The patch shouldn't be huge, so
> I think it's worth creating the patch and sending it to the list.  Do
> make sure to give a detailed description of how you'll use it.  (Don't
> assume I'll remember :)

Thanks for the heads up. Two questions:

1. Configuration variable naming:
(intended for all lxc-users participants)

I lean towards something that is similar to what we currently have for
setting limits in Linux. Thus I would prefer the setting to be called
"lxc.ulimit.openfiles" or "lxc.ulimit.openfds" and not go with
"lxc.rlimit.nofile", which is a reflection of the syscall that does the
actual trick.
I understand that this is just an opinion, and I am interested in some
other views. What is your opinion about this?


2. Code placement:
Conceptually this probably fits right before uidmapshift is being
done, and after forking (cloning). Do you have any more specific
pointers?



b.

