[lxc-users] Elegant way for unprivileged container ulimits
Bostjan Skufca
bostjan at a2o.si
Wed Sep 16 07:24:22 UTC 2015
On 15 September 2015 at 19:46, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> It sounds like it may be worthwhile. The patch shouldn't be huge, so
> I think it's worth creating the patch and sending it to the list. Do
> make sure to give a detailed description of how you'll use it. (Don't
> assume I'll remember :)

Tnx for the heads up. Two questions:

1. Configuration variable naming:
(intended for all lxc-users participants)

I lean towards something that is similar to what we currently have for
setting limits in Linux. Thus I would prefer the setting to be called
"lxc.ulimit.openfiles" or "lxc.ulimit.openfds" and not go with
"lxc.rlimit.nofile", which is a reflection of the syscall that does the
actual trick.

I understand that this is just an opinion, and I am interested in some
other views. What is your opinion about this?

2. Code placement:

Conceptually this probably fits right before uidmapshift is being
done, and after forking (cloning). Do you have any more specific
pointers?

b.