[libvirt] LXC: making the private root filesystem more secure

Balbir Singh balbir at linux.vnet.ibm.com
Thu Sep 11 14:13:36 UTC 2008


Daniel P. Berrange wrote:
> On Wed, Sep 10, 2008 at 03:10:53PM -0700, Balbir Singh wrote:
>> Daniel Veillard wrote:
>>> On Thu, Sep 04, 2008 at 12:50:35PM -0700, Dan Smith wrote:
>>>> DV> I just checked the libcgroup header file available under Fedora 9
>>>> DV> and I'm a bit afraid of the dependency. They expose a lot of
>>>> DV> structure, some clearly incomplete, which means linking to it in its
>>>> DV> current state may turn into a problematic dependency.
>>>>
>> Could you please elaborate on the structure exposed. We are more than willing to
>> fix any incomplete information you are concerned about.
> 
> I believe Daniel is referring to the structs in your public header file.
> The embedded comments themselves in libcgroup.h say that the structs
> will need to be extended with more fields as cgroups gets more capabilities.
> Adding fields to a struct will change the ABI unless care is taken to
> provide for extensibility. The cpu_controller and cg_group structs here
> are of particular concern.
>     

Thanks for pinpointing them. Most of these structures are used by the
configuration subsystem and are not part of the core API or wrappers. Most of this
stuff is going away and will not affect a single exported cgroup API. As an
interim arrangement we can move them to a configuration-specific header.

The configuration subsystem is being rewritten to reuse the existing API. It is
a user of the API, not a provider.

-- 
	Balbir



