From: Kirill Korotaev <dev@sw.ru>
To: Hubertus Franke <frankeh@watson.ibm.com>
Cc: Sam Vilain <sam@vilain.net>, Rik van Riel <riel@redhat.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Kirill Korotaev <dev@openvz.org>,
Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, clg@fr.ibm.com,
haveblue@us.ibm.com, greg@kroah.com, alan@lxorguk.ukuu.org.uk,
serue@us.ibm.com, arjan@infradead.org, kuznet@ms2.inr.ac.ru,
saw@sawoct.com, devel@openvz.org, Dmitry Mishin <dim@sw.ru>
Subject: Re: [PATCH 1/4] Virtualization/containers: introduction
Date: Wed, 08 Feb 2006 18:36:40 +0300 [thread overview]
Message-ID: <43EA1008.5040502@sw.ru> (raw)
In-Reply-To: <43E8D160.4040803@watson.ibm.com>
> The pid-namespace (pspace) provides an approach of fully separate
> the allocation and maintenance of the pids and treating the <pspace,pid>
> tuple as an entity to uniquely identify a task and vice versa.
> As a result the logic of lookup can be pushed down the find_task_by_pid()
> lookup. There are specific cases where the init_task of a container or
> pspace needs to be checked to ensure that signals/waits and alike are
> properly
> handled across pspace boundaries. I think this is an intuitive and clean
> way.
> It also completely avoids the problem of having to think about all the
> locations
> at the user/kernel boundary where a vpid/pid conversion needs to take
> place.
> It also avoids the problems that logically vpids and pids are different
> types and
> therefore it would have been good to have type checking automatically
> identify
> problem spots.
> On the negative side, it does require to maintain a pidmap per pidspace.
Additional negative sides:
- full isolation can be inconvinient from containers management point of
view. You will need to introduce new modified tools such as top/ps/kill
and many many others. You won't be able to strace/gdb processes from the
host also.
- overhead when virtualization is off, result is not the same.
- additional args everywhere (stack usage, etc.)
> The vpid approach has the drawbacks of having to identify the conversion
> spots
> of all vpid vs. pid semantics. On the otherhand it does take advantage
> of the fact that no virtualization has to take place until a "container"
> has been migrated, thus rendering most of the vpid<->pid calls to be
> noops.
It has some other additional advantages:
- flexible: you can select full isolation or weak is required. I really
believe this is very important.
> The container is just an umbrella object that ties every "virtualized"
> subsystem
> together.
Yep. And containers were what I wanted to start with actually. Not VPIDs.
Kirill
next prev parent reply other threads:[~2006-02-08 15:35 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-06 21:57 [PATCH 1/4] Virtualization/containers: introduction Kirill Korotaev
2006-02-06 22:12 ` [PATCH 2/4] Virtualization/containers: CONFIG_CONTAINER Kirill Korotaev
2006-02-06 22:17 ` [PATCH 3/4] Virtualization/containers: UID hash Kirill Korotaev
2006-02-06 22:22 ` [PATCH 4/4] Virtualization/containers: uts name Kirill Korotaev
2006-02-06 23:00 ` [PATCH 1/4] Virtualization/containers: introduction Dave Hansen
2006-02-07 12:24 ` Kirill Korotaev
2006-02-07 3:34 ` Eric W. Biederman
2006-02-07 3:40 ` Rik van Riel
2006-02-07 6:30 ` Sam Vilain
2006-02-07 11:51 ` Kirill Korotaev
2006-02-07 14:31 ` Eric W. Biederman
2006-02-07 15:42 ` Eric W. Biederman
2006-02-07 16:18 ` Kirill Korotaev
2006-02-07 17:20 ` Eric W. Biederman
2006-02-07 22:43 ` Sam Vilain
2006-02-07 16:57 ` Hubertus Franke
2006-02-07 20:19 ` Serge E. Hallyn
2006-02-07 20:46 ` Hubertus Franke
2006-02-07 22:00 ` Eric W. Biederman
2006-02-07 22:19 ` Hubertus Franke
2006-02-07 22:06 ` The issues for agreeing on a virtualization/namespaces implementation Eric W. Biederman
2006-02-07 23:35 ` Hubertus Franke
2006-02-08 0:43 ` Alexey Kuznetsov
2006-02-08 2:49 ` Eric W. Biederman
2006-02-08 3:36 ` Serge E. Hallyn
2006-02-08 3:52 ` Eric W. Biederman
2006-02-08 4:37 ` Herbert Poetzl
2006-02-08 4:46 ` Eric W. Biederman
2006-02-08 19:24 ` Stephen Hemminger
2006-02-08 5:23 ` Eric W. Biederman
2006-02-08 14:40 ` Hubertus Franke
2006-02-08 15:17 ` Serge E. Hallyn
2006-02-08 15:35 ` Kirill Korotaev
2006-02-08 15:57 ` Hubertus Franke
2006-02-08 19:02 ` Herbert Poetzl
2006-02-08 16:48 ` Eric W. Biederman
2006-02-08 17:46 ` Eric W. Biederman
2006-02-08 18:03 ` Serge E. Hallyn
2006-02-08 18:31 ` Hubertus Franke
2006-02-08 20:21 ` Dave Hansen
2006-02-08 21:22 ` Serge E. Hallyn
2006-02-08 22:28 ` Eric W. Biederman
2006-02-20 12:11 ` Kirill Korotaev
2006-02-20 12:41 ` Herbert Poetzl
2006-02-20 14:26 ` Kirill Korotaev
2006-02-20 15:16 ` Herbert Poetzl
2006-02-08 4:56 ` Herbert Poetzl
2006-02-08 14:38 ` Serge E. Hallyn
2006-02-08 14:51 ` Hubertus Franke
2006-02-09 4:45 ` Kyle Moffett
2006-02-09 5:41 ` Eric W. Biederman
2006-02-09 22:25 ` Eric W. Biederman
2006-02-07 22:58 ` [PATCH 1/4] Virtualization/containers: introduction Sam Vilain
2006-02-07 23:18 ` Hubertus Franke
2006-02-08 5:03 ` Eric W. Biederman
2006-02-08 14:13 ` Hubertus Franke
2006-02-08 15:44 ` Kirill Korotaev
2006-02-08 16:39 ` Eric W. Biederman
2006-02-08 2:08 ` Kevin Fox
2006-02-08 1:16 ` Sam Vilain
2006-02-08 4:21 ` Paul Jackson
2006-02-08 15:36 ` Kirill Korotaev [this message]
2006-02-08 17:16 ` Eric W. Biederman
2006-02-08 20:43 ` Dave Hansen
2006-02-08 21:04 ` Eric W. Biederman
2006-02-07 12:14 ` Kirill Korotaev
2006-02-07 14:06 ` Eric W. Biederman
2006-02-07 14:52 ` Rik van Riel
2006-02-07 15:13 ` Eric W. Biederman
2006-02-09 0:24 ` Eric W. Biederman
2006-02-09 2:18 ` Jeff Dike
2006-02-09 3:16 ` Eric W. Biederman
2006-02-09 14:28 ` Kirill Korotaev
2006-02-09 15:40 ` Jeff Dike
2006-02-09 15:49 ` Kirill Korotaev
2006-02-09 17:50 ` Jeff Dike
2006-02-09 16:38 ` Hubertus Franke
2006-02-09 17:48 ` Jeff Dike
2006-02-09 22:09 ` Sam Vilain
2006-02-09 21:56 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43EA1008.5040502@sw.ru \
--to=dev@sw.ru \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=arjan@infradead.org \
--cc=clg@fr.ibm.com \
--cc=dev@openvz.org \
--cc=devel@openvz.org \
--cc=dim@sw.ru \
--cc=ebiederm@xmission.com \
--cc=frankeh@watson.ibm.com \
--cc=greg@kroah.com \
--cc=haveblue@us.ibm.com \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=riel@redhat.com \
--cc=sam@vilain.net \
--cc=saw@sawoct.com \
--cc=serue@us.ibm.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.