[ale] Containers... use?

Steve Litt slitt at troubleshooters.com
Mon Sep 18 00:01:01 EDT 2017


On Sun, 17 Sep 2017 17:32:24 -0400
Jim Kinney <jim.kinney at gmail.com> wrote:
> 
> On September 17, 2017 5:11:38 PM EDT, Steve Litt
> <slitt at troubleshooters.com> wrote:
> >On Sat, 16 Sep 2017 22:21:32 -0400
> >Jim Kinney <jim.kinney at gmail.com> wrote:
> >
> >  
> >> 
> >> Chroots work well. Add cgroups and it's rather locked down.  
> >
> >What part do cgroups add to the mix?
> > 
> >SteveT


> Best explanation is Wikipedia
> 
> https://en.m.wikipedia.org/wiki/Cgroups
> 
> Short answer: it's how you set usage limits on a process.

So if I understand you correctly, cgroups doesn't directly enhance
security, but instead "locks down" how much of certain resources a
process and any of its spawned processes can use. If I'm not mistaken,
the chroot enhances security. That sound right?

When you control cgroups, do you interact with the /sys/fs/cgroup tree?

Thanks,
 
SteveT

Steve Litt
September 2017 featured book: Manager's Guide to Technical Troubleshooting
Brand new, second edition
http://www.troubleshooters.com/mgr

