Igor, please review and apply 0001-env_nsops-Use-pseudosuper-feature-on-the-restore-pro.patch for linvzctl, i'm applying kernel part as well.
Thank you. -- Best regards, Konstantin Khorenko, Virtuozzo Linux Kernel Team On 01/16/2016 11:13 PM, Cyrill Gorcunov wrote:
Guys, we've found a problem in cgorups management code: currently we allow to mount cgroups from inside of veX context which have a few problems: - performance issue (as Vladimir always pointed) - security issue (as been fixed by Stas in commit 1867565c8c6df8c2a18e391d9e6d721cf29e251e) I propose to being pseudosuper state which we gonna use on restore procedure and disable mounting cgroups from inside of veX context. All cgroups needed should be prepared upon containers starup procedure and nothing else allowed. Please see changelogs for the patches attached. Cyrill
_______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel