Cgroups and Namespaces are two completely different mechanisms of the
Linux kernel.
Cgroups is for resource isolation while Namespaces are for kernel
data structure isolation.
In other words, unsharing a namespace will have no impact on cgroups:
all child processes are added to the current cgroup.
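The behaviour described in the message above can be checked directly. This is an added example, not part of the original thread: the helper name `cgroup_unchanged_after_unshare` is hypothetical, and it assumes a Linux host with `/proc` mounted.

```c
#include <linux/sched.h>   /* CLONE_NEW* flags */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy this process's cgroup membership (/proc/self/cgroup) into buf. */
static int read_cgroups(char *buf, size_t len) {
    FILE *f = fopen("/proc/self/cgroup", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, len - 1, f);
    buf[n] = '\0';
    fclose(f);
    return 0;
}

/* Hypothetical helper: in a forked child, unshare the given namespaces and
 * compare cgroup membership before and after.
 * Returns 1 = unchanged, 0 = changed, -1 = could not test here
 * (no /proc, or unshare() refused by the kernel or a seccomp policy). */
int cgroup_unchanged_after_unshare(long flags) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char before[4096], after[4096];
        if (read_cgroups(before, sizeof before) != 0) _exit(2);
        /* Raw syscall: avoids depending on _GNU_SOURCE for unshare(). */
        if (syscall(SYS_unshare, flags) != 0) _exit(2);
        if (read_cgroups(after, sizeof after) != 0) _exit(2);
        _exit(strcmp(before, after) == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 0) return 1;
    return WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void) {
    /* A user namespace lets an unprivileged process create the others. */
    int r = cgroup_unchanged_after_unshare(CLONE_NEWUSER | CLONE_NEWUTS | CLONE_NEWIPC);
    printf("cgroup membership after unshare: %s\n",
           r == 1 ? "unchanged" : r == 0 ? "CHANGED" : "not testable here");
    return r == 0;
}
```

`CLONE_NEWCGROUP`, added to the kernel after this thread, is left out on purpose: it changes the path shown in `/proc/self/cgroup`, not the membership or its limits.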
Thanks!
Does this mean that the new namespaces will be subject to new cgroups quota (as
defined by the new namespaces) or do the parent namespaces' cgroups apply to the child
as well?
Thanks,
Riya
> On Sep 28, 2014, at 11:24 PM, Stéphane Graber wrote:
>
On Sun, Sep 28, 2014 at 06:31:18PM -0500, riya khanna wrote:
> Hi,
>
> As I understand, kernel currently supports six namespaces. Is it
> possible for a process inside a container (running with different
> namespaces - all six) to escape the container by unshare()'ing?
>
> Would this be differe
Hi,
As I understand, kernel currently supports six namespaces. Is it
possible for a process inside a container (running with different
namespaces - all six) to escape the container by unshare()'ing?
Would this be different for privileged/unprivileged containers?
Thanks,
Riya