[lxc-devel] Memory Resources

Daniel Lezcano daniel.lezcano at free.fr
Mon Aug 24 01:19:29 PDT 2009


Krzysztof Taraszka wrote:
> 2009/8/23 Daniel Lezcano <daniel.lezcano at free.fr>
>
> (...)
>
>
>   
>> With the lxc tools I did:
>>
>>        lxc-execute -n foo /bin/bash
>>        echo 268435456 > /cgroup/foo/memory.limit_in_bytes
>>        mount --bind /cgroup/foo/memory.meminfo /proc/meminfo
>>        for i in $(seq 1 100); do sleep 3600 & done
>>     
>
>
> (...)
>
>
>   
>> :)
>>
>>
>>     
> hmmm... I think that access to the cgroup inside the container is very risky
> because I am able to manage, for example, memory resources (what if I am not
> the host owner and... I can give myself, via the non-secure mounted /cgroup
> (inside the container), all available memory resources...).
> I think that /proc/meminfo should be passed to the container in another
> way, but this is a topic for another thread.
>   
It is not a problem. I did it this way because it's easy to test, but
in a real use case, the memory limit is set up by the lxc configuration
file and the cgroup directory will no longer be accessible from the
container.
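
An added example, not part of the original message: a check to run inside a container that lists cgroup mounts still visible read-write, which is the exposure discussed above (a bind mount of a cgroup file such as the one onto /proc/meminfo also shows up with type cgroup). The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Print the mount point of every cgroup (v1) or cgroup2 filesystem that is
# mounted read-write. $1 is a file in /proc/mounts format and defaults to
# /proc/mounts itself. Mount points containing spaces are escaped as \040
# in that format, so whitespace field splitting is safe.
writable_cgroup_mounts() {
    awk '
        $3 == "cgroup" || $3 == "cgroup2" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "rw") { print $2; break }
        }
    ' "${1:-/proc/mounts}"
}

# Succeeds (status 0) only when no writable cgroup mount is visible.
cgroup_hidden_from_container() {
    [ -z "$(writable_cgroup_mounts "$1")" ]
}

# Constructed sample resembling the test setup in this thread: /cgroup is
# mounted in the container and one cgroup file is bind-mounted over
# /proc/meminfo. The read-only entry is there to show it is not reported.
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
cgroup /cgroup cgroup rw,memory 0 0
cgroup /proc/meminfo cgroup rw,memory 0 0
cgroup /sys/fs/cgroup/cpu cgroup ro,nosuid,cpu 0 0
EOF
}
```

Inside a container, `cgroup_hidden_from_container || writable_cgroup_mounts` prints the mount points that still need to be removed or remounted read-only.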

