git.ipfire.org Git - thirdparty/lxc.git/commit

lxc: add lxc.sched.core

Core scheduling defines if the container payload is marked as being
schedulable on the same core. Doing so will cause the kernel scheduler
to ensure that tasks that are not in the same group never run
simultaneously on a core. This can serve as an extra security measure to
prevent the container payload from using cross hyper thread attacks.

The only allowed values are 0 and 1. Set this to 1 to create a core
scheduling domain for the container or 0 to not create one. If not set
explicitly no core scheduling domain will be created for the container.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

author	Christian Brauner <christian.brauner@ubuntu.com>
	Wed, 29 Sep 2021 11:16:26 +0000 (13:16 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Thu, 14 Oct 2021 15:30:31 +0000 (17:30 +0200)
commit	23355c196ce4e4cd8b8bc089fd8a48d7e715351c
tree	e278535d18ab3d41f0d6bd206ecc1b9fca3aa8a5	tree \| snapshot
parent	0d134902943f044750e0d7f090b955e4256baf8c	commit \| diff

doc/lxc.container.conf.sgml.in		diff \| blob \| blame \| history
src/lxc/api_extensions.h		diff \| blob \| blame \| history
src/lxc/conf.c		diff \| blob \| blame \| history
src/lxc/conf.h		diff \| blob \| blame \| history
src/lxc/confile.c		diff \| blob \| blame \| history
src/lxc/start.c		diff \| blob \| blame \| history
src/lxc/syscall_wrappers.h		diff \| blob \| blame \| history
src/tests/parse_config_file.c		diff \| blob \| blame \| history