for (int i = 1; i < 10; i++) {
Why is this a problem?
,更多细节参见旺商聊官方下载
Cgroups are important for stability, but they are not a security boundary. They prevent denial-of-service, not escape. A process constrained by cgroups still makes syscalls to the same kernel with the same attack surface.
It sounds like a contradiction, but for Carroll, it's the difference between destiny and graft.