Ryan,
On 23.02.2015 at 18:37, Ryan Cleere wrote:
Richard,
I have to disagree that it should require idmap. It is true that without idmap the
container can freely set its own rlimits, but I believe this functionality could be
useful to containers that don't run /sbin/init. What I mean by that is application specific
containers could have their limits set without the application having to set them, or even
having to write a shim to set them.
Sorry, I don't understand. What does running a non-/sbin/init have to do with that?
Without user namespaces root within the container can bypass these limits.
Thanks,
//richard