|Deletions are marked like this.||Additions are marked like this.|
|Line 20:||Line 20:|
| * Implement cgroup fake root
* Ideally, when a container mounted cgroups, it would see a namespaced view where the cgroup of the container's init was shown as the root ('/') cgroup. See https://lkml.org/lkml/2012/1/23/532 for previous post and discussion.
FAQ entry about mentoring organisation application: http://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2012/faqs#mentoring_apply
- Improving Harvest
- Implement syslog namespace
Containers share the host's syslog, and so can read, write, and clear them. A syslog namespace should prevent the container from accessing or clearing kernel messages. Userspace-generated messages should go to the container's own syslog. Ideally, a new ns_printk() kernel function should be provided to target certain kernel-generated messages (like iptables messages).
- Improved multiple devpts mounts support
- Implement cgroup fake root