[Devel] Re: [ckrm-tech] containers development plans

Kirill Korotaev dev at sw.ru
Thu Jul 12 03:58:36 PDT 2007


Paul  Menage wrote:
> On 7/12/07, Kirill Korotaev <dev at sw.ru> wrote:
> 
>>Not sure why it requires some additional controller, but surely
>>it is possible to create a match for iptables matching container ID.
> 
> 
> But which container ID? Don't forget that a task is in one container
> in each hierarchy of which there could be more than one. At its
> simplest this new subsystem could just be a way to tell iptables which
> hierarchy to look at when matching based on container id. In practice
> it's probably reasonable to make the "iptables container id"
> user-settable since userspace is building the iptables rules and might
> want to use its own numbering scheme for the ids. (E.g. all container
> IDs in a particular range have the same kinds of permissions).

won't hierarchy:container-name pair help? :@)

Kirill




More information about the Devel mailing list