On Tue, Oct 1, 2013 at 7:19 AM, Janne Karhunen <janne.karhu...@gmail.com> wrote: > On Thu, Sep 26, 2013 at 8:33 AM, Greg Kroah-Hartman > <gre...@linuxfoundation.org> wrote: > >>> - We can relay a call of /sbin/hotplug from outside of a container >>> to inside of a container based on policy. >>> (But no one uses /sbin/hotplug anymore). >> >> That's right, they should be listening to libudev events, so why can't >> your daemon shuffle them off to the proper container, all in userspace? > > Which reminds me, one potential reason being.. > http://lists.linuxfoundation.org/pipermail/containers/2013-May/032591.html >
Can't the daemon live outside the container and shuffle stuff in? IOW, there seems to be little point in containerizing things if you're just going to punch a privilege hole in the namespace. FWIW, I think that the capability evolution rules are crap, but changing them is a can of worms, and enough people seem to thing the status quo is acceptable that this is unlikely to ever get fixed. --Andy ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
