
18 Oct 2017, 2:05 p.m.
Why does libvirt mount /sys/fs/cgroup/* inside the container as rw?
We use kernel 3.10.0-693.2.2.el7.x86_64 and XFS, and therefore our containers are privileged. Yes, we know that in such containers root can use SysRq at least to reboot the hardware node. But the problem with cgroups can be more hidden and cryptic.
p.s.2 we still use libvirt-3.0.0, if it's important.