[lxc-users] Using predefined cgroups
Fajar A. Nugraha
list at fajar.net
Tue May 16 03:31:03 UTC 2017
On Tue, May 16, 2017 at 1:18 AM, Dr. Todor Dimitrov <dimitrov at technology.de>
> LXC automatically creates the "/sys/fs/cgroup/*/lxc/some-container-name"
> cgroups, which are setup to reflect the restrictions as defined in the
> container configuration file. I was wondering whether it would be possible
> to use a predefined cgroups hierarchy, which is not writable by LXC. Thus
> it would be possible for a super-user to place resource restrictions for
> the containers run by the unprivileged users. Is it possible to implement
> such a scenario using cgroups?
It should already does what you want. IIRC unpriv containers are unable to
increase their limits by writing to the cgroup. And if needed, root on the
host could always write values to the desired cgroups.
Any particular use case in mind?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the lxc-users