On Thu, Oct 16, 2008 at 02:07:57PM -0700, Dan Smith wrote:
Without this, our container child doesn't actually end up in the cgroup, and thus runs unrestricted. Note that this does not address the container's ability to mount cgroup and move itself into the parent namespace.

While making this change, it became clear that we need to allow access to the entire range of pty devices for the container console to work. This patch adds that logic as well.

Yep, we also need the kernel guys to finish PTS namespace virtualization
so we can actually make /dev/pts private to the container :-)
ACK to this patch.
Daniel
--
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
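The two problems the patch description raises, a child that never landed in its cgroup and a device whitelist that misses part of the pty range, can both be verified from outside the container. The check below is an added example, not code from the patch or from libvirt; it assumes the cgroup v1 layout of `/proc/<pid>/cgroup` and the devices controller's `devices.list`, and the sample contents are constructed.

```python
# Constructed sample of /proc/<pid>/cgroup for a cgroup v1 kernel
SAMPLE_PROC_CGROUP = """\
5:devices:/libvirt/lxc/demo
4:memory:/libvirt/lxc/demo
2:cpu:/libvirt/lxc/demo
1:cpuset:/
"""

# Constructed devices.list of that cgroup: /dev/ptmx plus only ONE pty major
SAMPLE_DEVICES_LIST = """\
c 1:3 rwm
c 5:2 rwm
c 136:* rwm
"""

PTY_MAJORS = range(136, 144)  # Unix98 pty slave majors used by /dev/pts/N
PTMX = (5, 2)                 # /dev/ptmx, the multiplexer a console opens

def parse_proc_cgroup(text):
    """Map each controller to the cgroup path the process sits in."""
    paths = {}
    for line in filter(None, text.splitlines()):
        _hid, controllers, path = line.split(":", 2)
        for ctrl in controllers.split(","):
            paths[ctrl] = path
    return paths

def unconfined_controllers(proc_cgroup, expected):
    """Controllers under which the child did NOT land in the expected cgroup."""
    return sorted(c for c, p in parse_proc_cgroup(proc_cgroup).items() if p != expected)

def parse_devices_list(text):
    """Turn 'c 136:* rwm' rules into (type, major, minor, access) tuples."""
    rules = []
    for line in filter(None, text.splitlines()):
        typ, majmin, access = line.split()
        major, minor = majmin.split(":")
        rules.append((typ, major, minor, access))
    return rules

def device_allowed(rules, typ, major, minor, access="rw"):
    """True if some whitelist rule covers the device with at least `access`."""
    return any(t in (typ, "a") and maj in ("*", str(major)) and mn in ("*", str(minor))
               and all(ch in acc for ch in access) for t, maj, mn, acc in rules)

def pty_access_gaps(rules):
    """Pty devices a container console needs that the whitelist does not cover."""
    gaps = [] if device_allowed(rules, "c", *PTMX) else ["5:2"]
    gaps += [f"{m}:*" for m in PTY_MAJORS if not device_allowed(rules, "c", m, 0)]
    return gaps
```

On a real host, feed the checker the contents of `/proc/<child-pid>/cgroup` and the cgroup's `devices.list`; an empty list from both functions means the child is confined and the console will be able to open any pty it is handed.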