You're not wrong, but the point remains - Are you going to limit their CPUs? Are you going to limit their RAM? Network Performance?
The collection of Cgroups and Namespaces (and for all that they are different APIs, you almost never use one without the other, so perhaps it's best to refer to the whole group of them as "Containers" or "Containment" to differentiate it from Docker-style containers) is complex and flexible for a reason, even if an absurd proportion of the common cases can be solved with a reasonable set of defaults of them.