From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Bastian Blank <bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH 1/1] namespaces: introduce sys_hijack (v11)
Date: Fri, 1 Aug 2008 09:11:53 -0500
Message-ID: <20080801141152.GA11553@us.ibm.com>
In-Reply-To: <20080801092318.GA2002-0IJIQSrh9RL9UF0aPl6fsj8Kkb2uy4ct@public.gmane.org>

Quoting Bastian Blank (bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org):
> On Thu, Jul 31, 2008 at 01:32:13PM -0500, Serge E. Hallyn wrote:
> > Introduce sys_hijack (for i386 and s390 only so far). An open
> > fd for a cgroup 'tasks' file is specified. The main purpose
> > is to allow entering an empty cgroup without having to keep a
> > task alive in the target cgroup.
>
> What is the problem if no task is alive in the target?

Oh, that comment dates back to when I first introduced the
attach-by-ns_cgroup feature. Before that one had to specify a process
id of an existing task, resulting in hijacking that task.
Eventually, we dropped the hijack_by_pid entirely.

> > The effect is a sort of namespace enter. The following program
> > uses sys_hijack to 'enter' all namespaces of the specified
> > cgroup.
>
> I currently fail to see what the differences to a normal cgroup attach
> is.

A normal cgroup attach doesn't switch a task's root and nsproxies.

> > For instance in one terminal, do
> >
> > mount -t cgroup -ons cgroup /cgroup
> > hostname
> > qemu
> > ns_exec -u /bin/sh
> > hostname serge
> > echo $$
> > 2996
> > cat /proc/$$/cgroup
> > ns:/node_2996
> >
> > In another terminal then do
> >
> > hostname
> > qemu
> > cat /proc/$$/cgroup
> > ns:/
> > hijack /cgroup/node_2996/tasks
>
> Why can't this be done by a echo $$ >> /cgroup/node_2996/attach?

Do you mean "why does that current functionality not suffice", or "why
didn't you implement the feature with those semantics"?

Current functionality doesn't suffice because namespaces and
fs_struct are not switched with cgroup attach. Cgroup attach is
just about tracking tasks, and keeping stats and enforcing limits or
guarantees on the groups.

The problem with implementing this feature using the attach
semantics is that it would move an existing task into the new
cgroup. That would get much more complicated, especially when
you consider pid namespaces, where we explicitly refuse to
unshare for the same reason.

That is why, with hijack, we clone a new task which is started
afresh in the new namespaces.

thanks,
-serge

> > hostname
> > serge
> > cat /proc/$$/cgroup
> > ns:/node_2996
>
> Bastian
>
> --
> Star Trek Lives!
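
The distinction drawn in the reply above, that cgroup membership and namespace membership are separate properties of a task, as an added example that is not part of the original message or of the sys_hijack patch. It assumes the /proc/<pid>/ns/ links of later kernels (not available in the 2008 kernel under discussion); the function names and the namespace ids in main() are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy the path one /proc/<pid>/cgroup line gives for controller `ctl`.
 * Accepts "ns:/node_2996" (form shown in the thread) and the later
 * "id:controllers:path" form; exact controller match only. 0 on success. */
int cgroup_path(const char *line, const char *ctl, char *out, size_t n)
{
    const char *p = line;
    while (isdigit((unsigned char)*p)) p++;
    if (p == line || *p != ':') p = line; else p++;   /* skip optional "id:" */
    const char *colon = strchr(p, ':');
    size_t cl = strlen(ctl);
    if (!colon || (size_t)(colon - p) != cl || strncmp(p, ctl, cl) != 0)
        return -1;
    size_t len = strcspn(colon + 1, "\n");            /* path may contain ':' */
    if (len == 0 || len >= n) return -1;
    memcpy(out, colon + 1, len);
    out[len] = '\0';
    return 0;
}

/* Read a task's namespace identity, e.g. "uts:[4026531838]". 0 on success. */
int ns_id(pid_t pid, const char *name, char *out, size_t n)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/ns/%s", (long)pid, name);
    ssize_t r = (n < 2) ? -1 : readlink(path, out, n - 1);
    if (r < 0) return -1;
    out[r] = '\0';
    return 0;
}

/* 0: different cgroups; 1: same cgroup, same namespace;
 * 2: same cgroup, different namespace (attach moved only the membership). */
int compare(const char *cga, const char *cgb, const char *nsa, const char *nsb)
{
    if (strcmp(cga, cgb) != 0) return 0;
    return strcmp(nsa, nsb) == 0 ? 1 : 2;
}

int main(void)
{
    char cg[64] = "", ns[64];
    cgroup_path("ns:/node_2996\n", "ns", cg, sizeof cg);  /* constructed line */
    if (ns_id(getpid(), "uts", ns, sizeof ns) == 0) printf("own uts: %s\n", ns);
    /* constructed ids: a task attached to node_2996 that kept its own uts ns */
    printf("verdict: %d\n", compare("/node_2996", cg, "uts:[4026531838]", "uts:[4026532201]"));
    return 0;
}
```

A verdict of 2 is the state a plain attach leaves behind: the task is accounted in the target cgroup but still runs in its original namespaces.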