Displaying 3 results from an estimated 3 matches for "wrklx".
2013 Aug 26
2
How to deal with LXC cgroup access control with apparmor ?
...just the root directory
from the process. But I could tune the cgroup in a container as an user that logged, This is not accepted...
I wonder how to restrict it with apparmor ,so one can not modify files in the cgroup fs, e.g the cpus or mem,
if i restrict it with "deny /sys/fs/cgroup/** wrklx," in apparmor ,the container woulld not start up .
"Permission denied", because that a process would mount the cgroup, it seems done by libvirt_lxc,
Any way to restrict the cgroup in the container or just not mount cgroup in the container ??
Any help would be appreciated, thank...
2013 Aug 26
0
Re: How to deal with LXC cgroup access control with apparmor ?
...ectory
> from the process. But I could tune the cgroup in a container as an user that logged, This is not accepted...
>
> I wonder how to restrict it with apparmor ,so one can not modify files in the cgroup fs, e.g the cpus or mem,
> if i restrict it with "deny /sys/fs/cgroup/** wrklx," in apparmor ,the container woulld not start up .
> "Permission denied", because that a process would mount the cgroup, it seems done by libvirt_lxc,
> Any way to restrict the cgroup in the container or just not mount cgroup in the container ??
>
> Any help would be a...
2013 Aug 26
2
回复: How to deal with LXC cgroup access control withapparmor ?
...ectory
> from the process. But I could tune the cgroup in a container as an user that logged, This is not accepted...
>
> I wonder how to restrict it with apparmor ,so one can not modify files in the cgroup fs, e.g the cpus or mem,
> if i restrict it with "deny /sys/fs/cgroup/** wrklx," in apparmor ,the container woulld not start up .
> "Permission denied", because that a process would mount the cgroup, it seems done by libvirt_lxc,
> Any way to restrict the cgroup in the container or just not mount cgroup in the container ??
>
> Any help would be a...