Cgroups are important for stability, but they are not a security boundary. They prevent denial-of-service, not escape. A process constrained by cgroups still makes syscalls to the same kernel with the same attack surface.
As I've continued to whittle down the apps I use I don't really feel a need to distinguish between "essential" apps and nice to have apps. The survivors are now just the set that I truly use day to day.
。业内人士推荐体育直播作为进阶阅读
Libbey Signature Coupe Glasses, Set of 4
HS2 said in response: "Chief Executive Mark Wild has been clear that overall delivery of HS2 has been unacceptable and he's committed to ending the project's cycle of cost increases and delays."