[libvirt-users] Can we disable write to /sys/fs/cgroup tree inside container ?
mxs kolo
kolomaxes at gmail.com
Wed Oct 18 18:05:14 UTC 2017
> Why does libvirt mount /sys/fs/cgroup/* inside the container as rw?
>
> We use kernel 3.10.0-693.2.2.el7.x86_64 and XFS, and therefore our
> containers are privileged. Yes, we know that in such containers root
> can use SysRq, at least to reboot the hardware node. But the problem with
> cgroups can be more hidden and cryptic.
p.s.2
we still use libvirt-3.0.0, if it's important.