On Mon, Dec 28, 2009 at 3:36 PM, Serge E. Hallyn wrote:
> Quoting Daniel Lezcano (daniel.lezc...@free.fr):
>> The ns_cgroup is an annoying cgroup at the namespace / cgroup frontier.
>
> True. However, it remains - apart from using smack or SELinux - the
> only way to truly lock a container into a
Quoting Daniel Lezcano (daniel.lezc...@free.fr):
> The ns_cgroup is an annoying cgroup at the namespace / cgroup frontier.
True. However, it remains - apart from using smack or SELinux - the
only way to truly lock a container into a cgroup configuration. That's
unlikely to change until we finall
