Building a SECURE container using Cgroups?
Tanaka, Thomas
thomas.tanaka at intel.com
Mon Oct 13 14:13:40 PDT 2008
I should have said filesystem namespace isolation. For example, isolating a process from accessing proc, sys, such that it is only able to access a predefined list of directories.
Quoting Tanaka, Thomas (thomas.tanaka at intel.com):
> Thanks for the quick reply.
> Just out of curiosity, is it possible to develop a cgroup subsystem that just does the filesystem isolation?
Exactly what filesystem isolation?
-serge