From: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
To: Ian jonhson <jonhson.ian-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org
Subject: Re: container userspace tools
Date: Sat, 25 Oct 2008 15:08:36 +0200 [thread overview]
Message-ID: <49031A54.70806@fr.ibm.com> (raw)
In-Reply-To: <8f34198c0810250406s4f1c9337ha2bccc10faed1948-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
Ian jonhson wrote:
> Dear Daniel,
>
> I have tested the container tools in my VM.
> It runs very well. But I can not see any highlight
> show via container.
The container will be more or less isolated depending of what you
specify in the configuration file.
Without any configuration file, you will have pid, ipc and mount points
isolated. If you specify the utsname, it will be isolated and if you
specify the network you will have a new network stack allowing to run
for example a new sshd server.
In the other side, the cgroup are tied with the container, so you can
freeze/unfreeze all processes belonging to the container, change the
priority or assign an amount of physical memory to be used by the container.
> I believe that two group of
> user's processes (with same uid) can be isolated
> via container when both of them access files or
> are enforced with different quota. But I don't know
> how to get the functionalities run.
Allowing to assign quota per container is a good idea, but I don't think
it is supported by the kernel right now. Perhaps there is a trick to do
that but I don't know it :)
The rootfs option allows you to specify the root file system to be used
by the container, so if you specify it, your container will be chrooted
inside. This feature is at a very early stage and will be improved in
the future, allowing to example to specify a iso image of a file system
tree and make use of it.
There are two contributions which are good examples on how to setup a
container, I added them to:
http://sourceforge.net/projects/lxc/
The first one is a chroot of a sshd server and the second one is a
minimalist debian showing a full distro booting.
> Any help?
>
> Thanks in advance.
>
> On Wed, Oct 15, 2008 at 9:11 PM, Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org> wrote:
>> Ian jonhson wrote:
>>>> The problem is related to the kernel version you have and a missing
>>>> functionality.
>>>>
>>>> You should use the kernel coming from:
>>>>
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/daveh/linux-2.6-lxc.git
>>>>
>>> It needs not to set "Container support" if I run with above kernel,
>>> right?
>>> I have downloaded the source codes.
>> The container support will enable at the compile time the different features
>> in the kernel. I added this kernel option because I was tired to activate
>> the different features one by one as described in the README file. If you
>> don't specify this option, the container code will be there in the kernel
>> but the not active. So you have to set it.
>>
>
> OK, I have activated the "container support" step by step according to
> README, but I met a mismatch setting:
It looks like there is a piece missing at the end of the email.
next prev parent reply other threads:[~2008-10-25 13:08 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-10 11:01 container userspace tools Daniel Lezcano
[not found] ` <8f34198c0810150033p42b74badrf194e66433e32cd5@mail.gmail.com>
[not found] ` <48F5BE23.1060602@fr.ibm.com>
[not found] ` <8f34198c0810150351n7549a1dcx63547746344fce25@mail.gmail.com>
[not found] ` <48F5DB43.70003@fr.ibm.com>
[not found] ` <8f34198c0810150602w70d31453je6fd8811799a3857@mail.gmail.com>
[not found] ` <48F5EBF3.1070204@fr.ibm.com>
[not found] ` <48F5EBF3.1070204-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-25 11:06 ` Ian jonhson
[not found] ` <8f34198c0810250406s4f1c9337ha2bccc10faed1948-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-10-25 13:08 ` Daniel Lezcano [this message]
[not found] ` <49031A54.70806-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-25 14:39 ` Ian jonhson
[not found] ` <8f34198c0810250739s77ad8271u93992c0bcf61345c-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-10-25 15:47 ` Daniel Lezcano
[not found] ` <49033F90.8090201-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-27 14:50 ` Serge E. Hallyn
[not found] ` <20081027145058.GA9724-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-27 15:07 ` Ian jonhson
[not found] ` <8f34198c0810270807k52fa15b8x6402ea262ae2ddc6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-10-27 16:00 ` Serge E. Hallyn
[not found] ` <20081027160003.GB9724-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-27 16:29 ` Ian jonhson
[not found] ` <8f34198c0810270929g3ce890e5l91f21523247cf169-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-10-27 16:49 ` Serge E. Hallyn
2008-10-27 16:23 ` Ian jonhson
[not found] ` <8f34198c0810270923s40ee505ay214bc9dd8ebae26d-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-10-27 16:53 ` Serge E. Hallyn
2008-10-27 20:28 ` Daniel Lezcano
[not found] ` <49062482.7070006-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-28 8:10 ` Ian jonhson
[not found] ` <8f34198c0810280110s6a7fd98dm355b4747a26ff895-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-11-05 20:33 ` Daniel Lezcano
2008-12-12 7:33 ` Ian jonhson
[not found] ` <8f34198c0812112333k6c1474f3hb67e963b39a0d0d6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-12-12 8:12 ` Balbir Singh
[not found] ` <20081212081238.GA4365-SINUvgVNF2CyUtPGxGje5AC/G2K4zDHf@public.gmane.org>
2008-12-12 9:06 ` Ian jonhson
[not found] ` <8f34198c0812120106k390a1097ub31905cd2bc44676-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-12-12 9:18 ` Balbir Singh
[not found] ` <20081212091829.GB4365-SINUvgVNF2CyUtPGxGje5AC/G2K4zDHf@public.gmane.org>
2008-12-12 10:02 ` Ian jonhson
[not found] ` <8f34198c0812120202t39582a27k47c98b88246f18ce-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-12-12 14:25 ` Balbir Singh
[not found] ` <20081212142529.GD4365-SINUvgVNF2CyUtPGxGje5AC/G2K4zDHf@public.gmane.org>
2008-12-13 8:18 ` Ian jonhson
[not found] ` <8f34198c0812130018j27b5ee34r15eed114013dfba4-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-12-13 8:20 ` Ian jonhson
2008-12-12 9:21 ` Daniel Lezcano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49031A54.70806@fr.ibm.com \
--to=dlezcano-nmtc/0zbporqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=jonhson.ian-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.