-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/26/2010 09:59 AM, Matthew Miller wrote:
> On Wed, Aug 25, 2010 at 10:13:05PM -0400, Daniel J Walsh wrote:
>>> Hmm, why is libcgroup pulled in by policycoreutils? What's the rationale?
>> It is used for confining sandboxes.
>
> Having now looked at both projects, it appears to me that they are in conflict. They could be made to work side by side, in the same way that systemd's cron replacement feature doesn't necessarily mean that you can't run traditional crond, but there is significant overlap in terms of categorization policy. That is, libcgroup uses cgclassify to put stuff into cgroups, whereas systemd uses pam_systemd for users and creates cgroups automatically for services.
>
> This overlap doesn't seem good for the distribution.
>
> Dan, *could* systemd as it stands provide what you need for sandboxes?

I don't know. My goal with sandbox was to allow users to start up sandboxes in such a way that they could still be killed.

Is there a way in cgroups to say

dwalsh gets 80% CPU

Then allow dwalsh to specify sandboxes can only use 80% of his CPU. So he can kill them.