Igor,
please review and apply
0001-env_nsops-Use-pseudosuper-feature-on-the-restore-pro.patch for linvzctl,
i'm applying kernel part as well.
Thank you.
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
On 01/16/2016 11:13 PM, Cyrill Gorcunov wrote:
Guys, we've found a problem in cgorups management code: currently we
allow to mount cgroups from inside of veX context which have a few
problems:
- performance issue (as Vladimir always pointed)
- security issue (as been fixed by Stas in commit
1867565c8c6df8c2a18e391d9e6d721cf29e251e)
I propose to being pseudosuper state which we gonna use
on restore procedure and disable mounting cgroups from
inside of veX context.
All cgroups needed should be prepared upon containers
starup procedure and nothing else allowed.
Please see changelogs for the patches attached.
Cyrill
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
