21 Oct
2008
21 Oct
'08
4:17 p.m.
On Thu, Oct 16, 2008 at 02:07:57PM -0700, Dan Smith wrote:
Without this, our container child doesn't actually end up in the cgroup, and thus runs unrestricted. Note that this does not address the container's ability to mount cgroup and move itself into the parent namespace.
Okay this moves the initialization earlier, makes sense, +1 Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/