search for: withapparmor

Displaying 4 results from an estimated 4 matches for "withapparmor".

2013 Aug 26
1
Re: Reply: How to deal with LXC cgroup access control withapparmor ?
...nal ------------------ From: "Gao feng"<gaofeng@cn.fujitsu.com>; Date: Mon, Aug 26, 2013 05:07 PM To: "jj"<jj@yuzao.org>; Cc: "libvirt-users"<libvirt-users@redhat.com>; Subject: Re: [libvirt-users] Reply: How to deal with LXC cgroup access control withapparmor ? On 08/26/2013 04:36 PM, jj wrote: > thx, Gao feng, > If I do not want to disable the cgroup in container, is there any config file? Or do I have to do something to the libvirt source code > to skip it? > > Sorry, I don't quite understand what's your request. enab...
2013 Aug 26
2
Reply: How to deal with LXC cgroup access control withapparmor ?
...--------- Original Message ------------------ From: "Gao feng"<gaofeng@cn.fujitsu.com>; Sent: Monday, August 26, 2013, 4:06 PM To: "止语"<zhongjj@foxmail.com>; Cc: "libvirt-users"<libvirt-users@redhat.com>; Subject: Re: [libvirt-users] How to deal with LXC cgroup access control withapparmor ? On 08/26/2013 03:42 PM, 止语 wrote: > I am playing with libvirt 1.1.1 (lxc) > when I was starting an LXC container, the process location of cgroup is pretty, just the root directory > from the process. But I could tune the cgroup in a container as a user that logged, This is not acce...
2013 Aug 26
0
Re: Reply: How to deal with LXC cgroup access control withapparmor ?
On 08/26/2013 04:36 PM, jj wrote: > thx, Gao feng, > If I do not want to disable the cgroup in container, is there any config file? Or do I have to do something to the libvirt source code > to skip it? > > Sorry, I don't quite understand what's your request. Enable user namespace doesn't disable cgroup in container, it will make user in container has no rights to
2013 Aug 26
2
How to deal with LXC cgroup access control with apparmor ?
I am playing with libvirt 1.1.1 (lxc) when I was starting an LXC container, the process location of cgroup is pretty, just the root directory from the process. But I could tune the cgroup in a container as a user that logged, This is not accepted... I wonder how to restrict it with apparmor, so one can not modify files in the cgroup fs, e.g. the cpus or mem, if I restrict it with "deny