[Devel] [patch rh7 1/2] cgroup: mount -- Disable mounting from inside of VE context
Cyrill Gorcunov
gorcunov at virtuozzo.com
Wed Jun 17 01:44:51 PDT 2015
On Wed, Jun 17, 2015 at 11:34:32AM +0300, Konstantin Khorenko wrote:
>
> Ok, this is a followup on this:
>
> a) currently we don't know real usecase when privileged Docker CT is required inside a VZ CT
> (except for Docker tests). So in case someone knows such a usecase - please share.
>
> b) Because of a) we are fine for now to allow only unprivileged Docker CTs inside VZ CT.
>
> => we can go both ways 3) and 4) and we'll try both ways a bit later.
So the idea behind is to continue blocking mounting of cgroups inside ve?
More information about the Devel
mailing list