[Devel] [PATCH RH7] net: allow SO_RCVBUFFORCE with CAP_VE_NET_ADMIN

Cyrill Gorcunov gorcunov at virtuozzo.com
Fri Jul 10 11:02:14 PDT 2015


On Fri, Jul 10, 2015 at 08:35:24PM +0300, Pavel Tikhomirov wrote:
> Allowing this is not secure, surely. We have two other possibilities:
> 
> 1) increase default socket receive buffer size
> 2) decrease number of tty devices in CT, we have ~500 of them while in PCS6 only 12.

As far as I know this is due to completely reworked driver virtualization.
On PCS6 we register tty drivers one per node while on pcs7 pty drivers
are virtualized, and when the driver gets registered inside a container
(on pcs7) it creates virtual devices for every peer.

If you take a look into pcs6 node's /sys/fs/device/virtual/tty
you'll see those 500 devices as well ;)

We can hide them though inside container's virtual/tty but
won't this cause problems with udevd?


