Cgroups are important for stability, but they are not a security boundary. They prevent denial-of-service, not escape. A process constrained by cgroups still makes syscalls to the same kernel with the same attack surface.
是囿于一时一事的得失,还是着眼打基础、利长远的实绩?
。业内人士推荐同城约会作为进阶阅读
Жители Санкт-Петербурга устроили «крысогон»17:52
struct FProcessHttpRequestRequest
1L decoder, d=2, 5h (MQA), hd=2, ff=4