mirror of https://github.com/mkerrisk/man-pages
cgroup_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 3ab5cbdabf
commit a2b7dba58c
|
@ -156,10 +156,9 @@ Such leakages could, for example,
|
|||
reveal information about the container framework
|
||||
to containerized applications.
|
||||
.IP *
|
||||
It allows easier and more flexible
|
||||
confinement of container root tasks, because they can mount
|
||||
their own cgroup filesystems without gaining access to ancestor
|
||||
cgroup directories.
|
||||
It allows better confinement of containererized processes,
|
||||
because it is possible to mount the container's cgroup filesystems such that
|
||||
the container processes can't gain access to ancestor cgroup directories.
|
||||
Consider, for example, the following scenario:
|
||||
.RS 4
|
||||
.IP \(bu 2
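Review bot: the replacement sentence misspells "containerized" as "containererized" in "It allows better confinement of containererized processes,"; the unchanged context just above it ("to containerized applications.") has the correct spelling, so the new line should match it. The hunk header (-156,10 +156,9) indicates that the four-line sentence beginning "It allows easier and more flexible" is replaced by the three-line one beginning "It allows better confinement". The old wording said that container root tasks "can mount their own cgroup filesystems", while the new wording only says "it is possible to mount the container's cgroup filesystems" without naming who performs the mount. For a commit labelled wfix, it is worth confirming that dropping the actor is intended, since who is able to mount the cgroup filesystem is the confinement property this bullet describes.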
|
||||
|
|