[RFC] per-containers tcp buffer limitation

Stephen Hemminger shemminger at vyatta.com
Thu Aug 25 08:44:15 PDT 2011


You seem to have forgotten the work of your forefathers. When appealing
to history you must understand it first.

What about using netfilter (with extensions)? We already have an iptables
module to match on uid or gid. It wouldn't be hard to extend this to
other bits of metadata like originating and target containers.

You could also use this to restrict access to ports and hosts on
a per-container basis.
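
What the existing uid match already allows, as an added example that is not part of the original message: an iptables-restore ruleset restricting one user's outbound traffic to a fixed set of hosts and ports. It assumes the container's processes run as a dedicated uid (1001 here, constructed); the chain name CT_WEB and the 192.0.2.x documentation addresses are also constructed.

```iptables
# Constructed example: uid 1001 stands in for the user that one
# container's processes run as.
*filter
:OUTPUT ACCEPT [0:0]
:CT_WEB - [0:0]
# The owner match only applies to locally generated packets, so the
# jump is placed in OUTPUT.
-A OUTPUT -m owner --uid-owner 1001 -j CT_WEB
# Keep already-established flows working.
-A CT_WEB -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS to a single resolver only.
-A CT_WEB -p udp -d 192.0.2.53 --dport 53 -j ACCEPT
# HTTP/HTTPS to a single host only.
-A CT_WEB -p tcp -d 192.0.2.10 -m multiport --dports 80,443 -j ACCEPT
# Everything else from this uid is logged, then refused.
-A CT_WEB -j LOG --log-prefix "ct-web-denied: "
-A CT_WEB -j REJECT --reject-with icmp-port-unreachable
COMMIT
```

The owner match keys on the uid or gid of the sending socket, so two containers whose processes share a uid cannot be told apart this way; that is the gap a container-aware match would close.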



More information about the Containers mailing list