On Sep 24, 2014, at 12:43 PM, Eric W. Biederman wrote:
> Serge Hallyn writes:
>
>> Isolation is provided by the devices cgroup. You want something more
>> than isolation.
>>
>> Quoting riya khanna (riyakhanna1...@gmail.com):
>>> My use case for having device namespaces is device isolation.
I guess policy-based multiplexing (or exclusive ownership) is the usage. What
kind of devices (loop, fb, etc.) this is needed for depends on the usage. If
there are multiple FBs, then each container could potentially own one. One may
want to provide exclusive ownership of input devices to one
Serge Hallyn writes:
> Isolation is provided by the devices cgroup. You want something more
> than isolation.
>
> Quoting riya khanna (riyakhanna1...@gmail.com):
>> My use case for having device namespaces is device isolation. Isn't what
>> namespaces are there for (as I understand)?
Quoting Eric W. Biederman (ebied...@xmission.com):
> riya khanna writes:
>
> > (Please pardon multiple emails, artifact of merging all separate
> > conversations)
> >
> > Thanks for your feedback!
> >
> > Letting the kernel know about what devices a container could access (based
> > on
> >
Isolation is provided by the devices cgroup. You want something more
than isolation.
Quoting riya khanna (riyakhanna1...@gmail.com):
> My use case for having device namespaces is device isolation. Isn't what
> namespaces are there for (as I understand)? Not everything should be
> accessible (or
Isolation is provided by the devices cgroup. You want something more
than isolation.
Quoting riya khanna (riyakhanna1...@gmail.com):
My use case for having device namespaces is device isolation. Isn't what
namespaces are there for (as I understand)? Not everything should be
accessible (or
Quoting Eric W. Biederman (ebied...@xmission.com):
riya khanna riyakhanna1...@gmail.com writes:
(Please pardon multiple emails, artifact of merging all separate
conversations)
Thanks for your feedback!
Letting the kernel know about what devices a container could access (based
Serge Hallyn serge.hal...@ubuntu.com writes:
Isolation is provided by the devices cgroup. You want something more
than isolation.
Quoting riya khanna (riyakhanna1...@gmail.com):
My use case for having device namespaces is device isolation. Isn't what
namespaces are there for (as I
On Sep 24, 2014, at 12:43 PM, Eric W. Biederman ebied...@xmission.com wrote:
Serge Hallyn serge.hal...@ubuntu.com writes:
Isolation is provided by the devices cgroup. You want something more
than isolation.
Quoting riya khanna (riyakhanna1...@gmail.com):
My use case for having device
riya khanna writes:
> (Please pardon multiple emails, artifact of merging all separate
> conversations)
>
> Thanks for your feedback!
>
> Letting the kernel know about what devices a container could access (based on
> device cgroups) and having devtmpfs in the kernel create device nodes for a
riya khanna riyakhanna1...@gmail.com writes:
(Please pardon multiple emails, artifact of merging all separate
conversations)
Thanks for your feedback!
Letting the kernel know about what devices a container could access (based on
device cgroups) and having devtmpfs in the kernel create