[libvirt-users] 回复: 回复: How to deal with LXC cgroup access control withapparmor ?

zhongjj zhongjj at foxmail.com
Tue Aug 27 02:24:27 UTC 2013 

Hi,  I disabled the cgoroup mount in container and used  apparmor to restrict the mounting of cgroup. 
it works. 

I will try the user namespace laster with a new kernel. thx Gao feng .

------------------
:)


 




------------------ 原始邮件 ------------------
发件人: "止语"<zhongjj at foxmail.com>;
发送时间: 2013年8月26日(星期一) 下午5:17
收件人: "Gao feng"<gaofeng at cn.fujitsu.com>; 
抄送: "libvirt-users"<libvirt-users at redhat.com>; 
主题: Re: [libvirt-users]回复:  How to deal with LXC cgroup access control withapparmor ?



OOPS:
      "If I do not want to disable the cgroup in container" ==> "If I do want to disable the cgroup in container" 
      I meant if the user namespace not enabled in kernel ...

thx ,I will try user namespace later. I am not working on x86 and not suer wheather the usernamespace is ok in the kernel I am going to use.
I would try to disable the cgroup in lxc first. 

THX to Gao feng .



------------------
止语




------------------ Original ------------------
From:  "Gao feng"<gaofeng at cn.fujitsu.com>;
Date:  Mon, Aug 26, 2013 05:07 PM
To:  "jj"<jj at yuzao.org>; 
Cc:  "libvirt-users"<libvirt-users at redhat.com>; 
Subject:  Re: [libvirt-users]回复:  How to deal with LXC cgroup access control withapparmor ?



On 08/26/2013 04:36 PM, jj wrote:
> thx, Gao feng,
> If I do not want to disable the cgroup in container , is there any config file ? or  do i have to do something to the libvirt source code
> to skip it ?
> 
>  

Sorry, I don't quite understand what's your request.
enable user namespace doesn't disable cgroup in container, it will make user
in container has no rights to change the setting of cgroup.

Thanks

_______________________________________________
libvirt-users mailing list
libvirt-users at redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20130827/cac9c300/attachment.htm>

More information about the libvirt-users mailing list