git.proxmox.com Git - mirror_lxc.git/commit

lxc: add lxc.sched.core

Core scheduling defines if the container payload is marked as being
schedulable on the same core. Doing so will cause the kernel scheduler
to ensure that tasks that are not in the same group never run
simultaneously on a core. This can serve as an extra security measure to
prevent the container payload from using cross hyper thread attacks.

The only allowed values are 0 and 1. Set this to 1 to create a core
scheduling domain for the container or 0 to not create one. If not set
explicitly no core scheduling domain will be created for the container.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

author	Christian Brauner <christian.brauner@ubuntu.com>
	Wed, 29 Sep 2021 11:16:26 +0000 (13:16 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Wed, 29 Sep 2021 12:07:41 +0000 (14:07 +0200)
commit	09996a4821c25c6741dbdcd37e9b07f56018458c
tree	1271de85274072a5db1eb4a6ddc37aac04844c05	tree
parent	b371ad51bb2512f6c5c7667fb766e0e84f5181c4	commit \| diff

doc/lxc.container.conf.sgml.in		diff \| blob \| blame \| history
src/lxc/api_extensions.h		diff \| blob \| blame \| history
src/lxc/conf.c		diff \| blob \| blame \| history
src/lxc/conf.h		diff \| blob \| blame \| history
src/lxc/confile.c		diff \| blob \| blame \| history
src/lxc/start.c		diff \| blob \| blame \| history
src/lxc/syscall_wrappers.h		diff \| blob \| blame \| history
src/tests/parse_config_file.c		diff \| blob \| blame \| history