http://karpoke.ignaciocano.com/tags/cgroups/Recent content in Cgroups on Karpoke - Just Another BlogHugo -- 0.159.0esTue, 01 Nov 2016 15:09:00 +0100http://karpoke.ignaciocano.com/2016/11/01/linux-containers-in-500-lines-of-code/Tue, 01 Nov 2016 15:09:00 +0100http://karpoke.ignaciocano.com/2016/11/01/linux-containers-in-500-lines-of-code/<p>Relatd:</p> <blockquote> <p>I’ve used Linux containers directly and indirectly for years, but I wanted to become more familiar with them. So I wrote some code. This used to be 500 lines of code, I swear, but I’ve revised it some since publishing; I’ve ended up with about 70 lines more.</p> <p>I wanted specifically to find a minimal set of restrictions to run untrusted code. This isn’t how you should approach containers on anything with any exposure: you should restrict everything you can. But I think it’s important to know which permissions are categorically unsafe!</p>