[Devel] [patch rh7 1/2] cgroup: mount -- Disable mounting from inside of VE context

Cyrill Gorcunov gorcunov at virtuozzo.com
Tue Jun 9 01:51:16 PDT 2015


On Tue, Jun 09, 2015 at 11:48:18AM +0300, Pavel Tikhomirov wrote:
> Docker tests create two level docker containers hierarchy, and they need to
> mount cgroups on the first level to control containers of second level. Is
> it safe to "re-revert" this patch to allow docker test(unit,integration-cli)
> mount cgroups?

Could you please provide more info? Which cgroups it mounts?
Technically sure it's safe to allow mounting known cgroups
but we disabled this feature not for security reason but
rather because it hits preformance on the node in first place.



More information about the Devel mailing list