Building a SECURE container using Cgroups?

Tanaka, Thomas thomas.tanaka at intel.com
Mon Oct 13 14:13:40 PDT 2008


I should have said filesystem namespace isolation. For example, isolating a process from accessing proc, sys, such that it is only able to access a predefined list of directories.

Quoting Tanaka, Thomas (thomas.tanaka at intel.com):
> Thanks for the quick reply.
> Just out of curiosity, is it possible to develop a cgroup subsystem that just does the filesystem isolation?

Exactly what filesystem isolation?

-serge

