On 09/17/2015 12:45 PM, Cyrill Gorcunov wrote:
On Thu, Sep 17, 2015 at 12:24:29PM +0300, Vladimir Davydov wrote:
On Fri, Sep 11, 2015 at 10:06:34PM +0300, Cyrill Gorcunov wrote:
Currently we allow to mount cgroups from inside of VEs context becuse
otherwise we simply can't restore them in other way: CRIU itself runs
from inside of freshly created VE context due to limits of venet module
(well, not limits to be precise but rather due to implementation specifics
made for code simplicity).
If venet could be created any time after ve start, would this
"pseudosuper" state be still needed?
I believe in this case it won't be needed. At the moment we start
criu inside VE exactly because we're to create venet :(
Ok, than not applying this, will try to prohibit mounting cgroups inside a CT
after we start managing vznet via netlink.
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
