Cgroups are important for stability, but they are not a security boundary. They prevent denial-of-service, not escape. A process constrained by cgroups still makes syscalls to the same kernel with the same attack surface.
Welcome to the big leagues, Netflix
。91视频对此有专业解读
Again, it depends on the context. If it’s for a one-off event with a lot of people you don’t know, there’s probably no need.
The campaign featured the idea that replacements had to step into different job roles, because the original staff were playing Call of Duty: Black Ops 7 instead.