On Tue, May 16, 2017 at 1:18 AM, Dr. Todor Dimitrov <[email protected]> wrote:
> Hallo, > > LXC automatically creates the "/sys/fs/cgroup/*/lxc/some-container-name" > cgroups, which are setup to reflect the restrictions as defined in the > container configuration file. I was wondering whether it would be possible > to use a predefined cgroups hierarchy, which is not writable by LXC. Thus > it would be possible for a super-user to place resource restrictions for > the containers run by the unprivileged users. Is it possible to implement > such a scenario using cgroups? > > It should already does what you want. IIRC unpriv containers are unable to increase their limits by writing to the cgroup. And if needed, root on the host could always write values to the desired cgroups. Any particular use case in mind? -- Fajar
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
