Unshare user namespace to make sure setrlimit and other per-user limits are
accounted properly in containers
Signed-off-by: Mikhail Gusarov
---
src/lxc/start.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 3b5023c..f1ae2fa
Twas brillig at 10:38:05 08.04.2010 UTC+02 when dlezc...@fr.ibm.com did
gyre and gimble:
DL> Yep, I did a quick hack in sys_reboot sending a SIGPWR to the
DL> parent of the pid namespace when this one is not the init_pid_ns,
DL> but I didn't had time to propose/send an acceptable version and
Daniel.
>> Unshare user namespace to make sure setrlimit and other per-user
>> limits are accounted properly in containers
[skip]
DL> I am not sure to see all the implications of having this namespace
DL> by default, especially for application containers which can be
DL> executed by non-roo
