[lxc-users] confusion with ``pam_cgroup`` and ``pam_cgfs`` for unprivileged containers
Lukas Pirl
lxc-users at lukas-pirl.de
Wed Jul 24 18:31:35 UTC 2019
Dear all,
I struggle understanding the difference between ``pam_cgroup``
and ``pam_cgfs`` and their respective relevance for running unprivileged
containers.
For what I understand, ``pam_cgroup`` puts (existing processes of users upon
login and all future processes of) users in "their" writable cgroups
and ``pam_cgfs`` creates those cgroups for users.
I see that depending on which parameters are handed to ``pam_cgfs`` the
unprivileged user has access to a certain controller or not.
I further see that ``pam_cgroup`` is referenced nowhere in ``/etc`` but
unprivileged containers start nonetheless.
This confuses me. Do we need ``pam_cgroup``? And if so, what for?
I'd be happy if anyone could clarify for me and the rest of the Internet. :)
Cheers,
Lukas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20190724/7c19ce2d/attachment.sig>
More information about the lxc-users
mailing list