setup cgroups from parent · 544a48a0
Serge Hallyn authored
This is a first step to enabling user namespaces. When starting a container in a new user namespace, the child will not have the rights to write to the cgroup fs. (We can give it that right, but don't always want to have to). At the parent, we don't want to setup_cgroups() before the child has set itself up. But we also don't want to wait until it has started running its init, since that is racy. Therefore introduce a new sync point. The child will let the parent know when it is ready to be confined, and wait for the parent to respond that it has done so. Then the child will finish constraining itself with LSM and seccomp and execute init.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
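
The sync point described in the commit message, sketched as an added example (not LXC's code): the child announces it is ready, the parent confines it and confirms, and the child refuses to continue if the confirmation never arrives. The socketpair transport, the message values and the names `run_container`, `confine_child`, `send_msg` and `wait_msg` are assumptions made for illustration.

```c
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { CHILD_READY = 1, PARENT_DONE = 2 };   /* constructed message values */

static int send_msg(int fd, int v) {
    return write(fd, &v, sizeof v) == (ssize_t)sizeof v ? 0 : -1;
}

/* Block until the peer sends `want`; EOF or any other value is a failure. */
static int wait_msg(int fd, int want) {
    int v = 0;
    return (read(fd, &v, sizeof v) == (ssize_t)sizeof v && v == want) ? 0 : -1;
}

/* Stand-in for the parent's cgroup setup; fail != 0 simulates an error. */
static int confine_child(pid_t pid, int fail) { (void)pid; return fail ? -1 : 0; }

/* Returns the child's exit code: 0 = reached init confined, 1 = aborted. */
int run_container(int fail_setup) {
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                   /* child */
        close(sv[0]);
        /* ... the child sets itself up here ... */
        if (send_msg(sv[1], CHILD_READY) < 0) _exit(1);
        if (wait_msg(sv[1], PARENT_DONE) < 0) _exit(1);  /* never run unconfined */
        /* ... LSM and seccomp would be applied here, then init executed ... */
        _exit(0);
    }
    close(sv[1]);                                     /* parent */
    if (wait_msg(sv[0], CHILD_READY) == 0 && confine_child(pid, fail_setup) == 0)
        send_msg(sv[0], PARENT_DONE);
    close(sv[0]);              /* on failure the child sees EOF and aborts */
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { return run_container(0); }
```

Because the child blocks on the parent's reply, there is no window in which init runs before confinement, and a parent that fails or exits closes the socket, so the child fails closed.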