[ale] Containers... use?
Steve Litt
slitt at troubleshooters.com
Mon Sep 18 00:01:01 EDT 2017
On Sun, 17 Sep 2017 17:32:24 -0400
Jim Kinney <jim.kinney at gmail.com> wrote:
>
> On September 17, 2017 5:11:38 PM EDT, Steve Litt
> <slitt at troubleshooters.com> wrote:
> >On Sat, 16 Sep 2017 22:21:32 -0400
> >Jim Kinney <jim.kinney at gmail.com> wrote:
> >
> >
> >>
> >> Chroots work well. Add cgroups and its rather locked down.
> >
> >What part do cgroups add to the mix?
> >
> >SteveT
> Best explanation is wikipedia
>
> https://en.m.wikipedia.org/wiki/Cgroups
>
> Short answer: it's how you set usage limits on a process.
So if I understand you correctly, cgroups doesn't directly enhance
security, but instead "locks down" how much of certain resources a
process and any of its spawned processes can use. If I'm not mistaken,
the chroot enhances security. That sound right?
When you control cgroups, do you interact with the /sys/fs/cgroup tree?
Thanks,
SteveT
Steve Litt
September 2017 featured book: Manager's Guide to Technical
Troubleshooting Brand new, second edition
http://www.troubleshooters.com/mgr
More information about the Ale
mailing list