Hi,

What is the reason behind this proposal?
The only thing you mentioned which is not fixed is the performance issue.
If so, then it's not a sufficient reason from my POV, because we are losing
generic functionality.
I suspect that there are programs which use cgroups for their internal needs.
What will we do with them if cgroup mounts are forbidden?

On Jan 16, 2016 at 9:13 PM, Cyrill Gorcunov <gorcu...@virtuozzo.com> wrote:
>
> Guys, we've found a problem in cgroups management code: currently we
> allow to mount cgroups from inside of veX context which has a few
> problems:
>
> - performance issue (as Vladimir always pointed) 
> - security issue (as has been fixed by Stas in commit
>    1867565c8c6df8c2a18e391d9e6d721cf29e251e) 
>
> I propose to being pseudosuper state which we gonna use 
> on restore procedure and disable mounting cgroups from 
> inside of veX context. 
>
> All cgroups needed should be prepared upon containers
> startup procedure and nothing else allowed.
>
> Please see changelogs for the patches attached. 
>
> Cyrill 

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
