On Wed, Jul 24, 2019 at 08:31:35PM +0200, Lukas Pirl wrote:
> Dear all,
>
> I struggle understanding the difference between ``pam_cgroup``
> and ``pam_cgfs`` and their respective relevance for running unprivileged
> containers.
>
> From what I understand, ``pam_cgroup`` puts (existing processes of users upon
> login and all future processes of) users in "their" writable cgroups
> and ``pam_cgfs`` creates those cgroups for users.
>
> I see that depending on which parameters are handed to ``pam_cgfs`` the
> unprivileged user has access to a certain controller or not.
> I further see that ``pam_cgroup`` is referenced nowhere in ``/etc`` but
> unprivileged containers start nonetheless.
>
> This confuses me. Do we need ``pam_cgroup``? And if so, what for?
>
> I'd be happy if anyone could clarify for me and the rest of the Internet. :)

pam_cgroup came out of libcgroup/group-bin. This was a long obsolete effort
to provide tools and a standard for use of cgroups by programs and admins.
You probably don't want to use it.

pam_cgfs ships with lxc, used to ship with lxcfs. If you're using lxc
containers, you probably want to use it.

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users