
Commit bb83ccb

chown cgroup only when new cgroupns also specified
Signed-off-by: Fraser Tweedale <[email protected]>
1 parent e1d1e87 commit bb83ccb

1 file changed, +5 -0 lines changed

config-linux.md

Lines changed: 5 additions & 0 deletions
@@ -206,6 +206,11 @@ Runtimes SHOULD NOT change the ownership of container cgroups when
206206
cgroups v1 is in use. Cgroup delegation is not secure in cgroups
207207
v1.
208208

209+
A runtime SHOULD NOT change the ownership of a container cgroup
210+
unless it will also create a new cgroup namespace for the container.
211+
Typically this occurs when the `linux.namespaces` array contains an
212+
object with `type` equal to `"cgroup"` and `path` unset.
213+
209214
Runtimes SHOULD change the cgroup ownership if and only if the
210215
cgroup filesystem is to be mounted read/write; that is, when the
211216
configuration's `mounts` array contains an object where:
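Review bot: the new SHOULD NOT at 209-211 and the unchanged "if and only if" at 214-216 now state two independent conditions for the same ownership change, and the second one still reads as the complete rule: a configuration with a read/write cgroup mount but no `"cgroup"` namespace entry satisfies the "if" direction of 214-216 while violating 209-211. Suggest folding the namespace requirement into the existing rule, for example "Runtimes SHOULD change the cgroup ownership if and only if a new cgroup namespace is created for the container and the cgroup filesystem is to be mounted read/write", or prefixing 214 with "In addition," so the two paragraphs cannot be read in isolation. The new paragraph also gives no rationale, whereas the v1 paragraph directly above does ("Cgroup delegation is not secure in cgroups v1"); a parallel one-line reason for the cgroup namespace requirement would help implementers apply the SHOULD NOT correctly. Finally, "Typically" at 211 leaves the non-typical cases undefined; if a `"cgroup"` entry with `path` set (joining an existing namespace) is meant to be excluded, say so explicitly rather than leaving it to the reader.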
