[libvirt] LXC: making the private root filesystem more secure

Dan Smith danms at us.ibm.com
Thu Sep 4 19:50:35 UTC 2008


DV> I just checked the libcgroup heaer file available under Fedora 9
DV> and I'm a bit afraid of the dependancy. They expose a lot of
DV> structure, some clearly incomplete, which means liking to it in its
DV> current state may turn into a problematic dependency.

I've become increasingly concerned about the likelihood of converging on
something stable that will work for libvirt in this area.  I hate to
ignore an abstraction layer that may help reduce the amount of knowledge
of cgroups that has to be present in libvirt.  However, I'm not sure
that libcgroup is really going to provide such a layer, and thus would
(as you put it) become nothing but a problematic dependency.

Perhaps it makes the most sense to implement a bit of cgroup support
directly into libvirt to satisfy our current needs while we wait to see
if libcgroup matures?

-- 
Dan Smith
IBM Linux Technology Center
Open Hypervisor Team
email: danms at us.ibm.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20080904/4cfcc46a/attachment-0001.sig>


More information about the libvir-list mailing list