Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

introduce lxc.cgroup.dir.{monitor,container,container.inner} #3353

Merged
merged 4 commits into from
Apr 3, 2020
Merged

introduce lxc.cgroup.dir.{monitor,container,container.inner} #3353

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
a900cba
introduce lxc.cgroup.dir.{monitor,container,container.inner}
Blub Apr 2, 2020
31691d1
cgroups: remove unused variable
Apr 3, 2020
51b07b7
doc: s/lxc.cgroup.container.namespace/lxc.cgroup.container.inner/g
Apr 3, 2020
e93197e
confile: coding style fixes for set_config_cgroup_container_inner_dir()
Apr 3, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
47 changes: 47 additions & 0 deletions doc/lxc.container.conf.sgml.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1571,6 +1571,53 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>lxc.cgroup.dir.container</option>
</term>
<listitem>
<para>
This is similar to <option>lxc.cgroup.dir</option>, but must be
used together with <option>lxc.cgroup.dir.monitor</option> and
affects only the container's cgroup path. This option is mutually
exclusive with <option>lxc.cgroup.dir</option>.
Note that the final path the container attaches to may be
extended further by the
<option>lxc.cgroup.dir.container.inner</option> option.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>lxc.cgroup.dir.monitor</option>
</term>
<listitem>
<para>
This is the monitor process counterpart to
<option>lxc.cgroup.dir.container</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>lxc.cgroup.dir.container.inner</option>
</term>
<listitem>
<para>
Specify an additional subdirectory where the cgroup namespace
will be created. With this option, the cgroup limits will be
applied to the outer path specified in
<option>lxc.cgroup.dir.container</option>, which is not accessible
from within the container, making it possible to better enforce
limits for privileged containers in a way they cannot override
them.
This only works in conjunction with the
<option>lxc.cgroup.dir.container</option> and
<option>lxc.cgroup.dir.monitor</option> options and has otherwise
no effect.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>lxc.cgroup.relative</option>
Expand Down