Quoting da...@lang.hm (da...@lang.hm): > On Tue, 11 Oct 2011, Eric W. Biederman wrote: > > >da...@lang.hm writes: > > > >>On Tue, 11 Oct 2011, Eric W. Biederman wrote: > >> > >>>Theodore Tso <ty...@mit.edu> writes: > >>> > >>>>On Oct 11, 2011, at 2:42 AM, Eric W. Biederman wrote: > >>>> > >>>I admit for a lot of test cases that it makes sense not to use a full > >>>set of userspace daemons. At the same time there is not particularly > >>>good reason to have a design that doesn't allow you to run a full > >>>userspace. > >> > >>how do you share the display between all the different containers if they > >>are > >>trying to run the X server? > > > >Either X does not start because the hardware it needs is not present or > >Xnest or similar gets started. > > > >>how do you avoid all the containers binding to the same port on the default > >>IP > >>address? > > > >Network namespaces. > > > >>how do you arbitrate dbus across the containers. > > > >Why should you? > > because the containers are simulating different machines, and dbus > doesn't work arcross different machines.
Exactly - Eric is saying dbus should not be (and is not) shared among containers. > >>when a new USB device gets plugged in, which container gets control of > >>it? > > > >None of them. Although today they may all get the uevent. None of the > >containers should have permission to call mknod to mess with it. > > why would the software inside a container not have the rights to do > a mknod inside the container? Why shouldn't an unprivileged user be allowed to mknod on the host? -serge ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
