From: Jeff Liu <jeff.liu-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
To: Glauber Costa <glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
Cc: jack-AlSwsSmVLrQ@public.gmane.org,
Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>,
Christopher Jones
<christopher.jones-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
Li Zefan <lizf-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>,
xfs-VZNHf3L845pBDgjK7y7TUQ@public.gmane.org,
Christoph Hellwig <hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
Ben Myers <bpm-sJ/iWh9BUns@public.gmane.org>,
Daniel-VZNHf3L845pBDgjK7y7TUQ@public.gmane.org,
lxc-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
"linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Chris Mason <chris.mason-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
tytso-DPNOqEs/LNQ@public.gmane.org
Subject: Re: [RFC PATCH v1 0/4] cgroup quota
Date: Mon, 12 Mar 2012 15:11:11 +0800 [thread overview]
Message-ID: <4F5DA18F.6040000@oracle.com> (raw)
In-Reply-To: <4F5DC396.60701-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
On 03/12/2012 05:36 PM, Glauber Costa wrote:
> On 03/11/2012 03:47 PM, Jeff Liu wrote:
>> And also, if there has already a project quota limits enforced outsides
>> to a directly, but the user can still setup a smaller quota limit s
>> through cgroup ,those limits just mixed up, but the smaller quota only
>> be effected for those processes running at container.
>>
>>> >
>>> > What we really need here, is a way to have a privileged user inside a
>>> > container to create normal quotas (user, group) that he can
>>> configure,
>>> > and have this quota be always smaller than, say, a project quota
>>> defined
>>> > for the container from the outside. But cgroups is hardly the
>>> interface,
>>> > or place, for that: Usually, the processes inside the container won't
>>> > have access to their cgroups. They will contain the limits they are
>>> > entitled to, and we don't won't the processes to change that at
>>> will. So
>>> > tying it to cgroups does not solve the fundamental problem, which
>>> is how
>>> > we have the container admin to set up quotas...
>> Sigh, exactly, I need some time to understand your opinions. Thanks
>> again.
>>
>>
>
> My take on this is that you should stick to the quota interface. It
> seems to works well enough for people out there. This means, how quotas
> are configured, viewed, etc, should work with standard tools.
>
> Now, we need some of those quotas to be tied to a particular mnt
> namespace (I believe namespaces to be the right isolation abstraction
> here, not cgroups), in the sense that they can only be active inside
> that mnt namespace. And then when you bill an inode, block, or anything
> else that quota limits, you bill it to any quota structure that is
> possibly interested in it.
I got started investigating how to isolate quota combine with namespaces today, thanks for your timely suggestions, that's sounds clearer to me.
-Jeff
> Right now the code bills it to one quota
> structure, the one that matches your UID, GID, etc (XFS may be a bit
> more skilled already here, I don't know)
WARNING: multiple messages have this Message-ID (diff)
From: Jeff Liu <jeff.liu@oracle.com>
To: Glauber Costa <glommer@parallels.com>
Cc: jack@suse.cz, Lezcano <daniel.lezcano@free.fr>,
lxc-devel@lists.sourceforge.net, Li Zefan <lizf@cn.fujitsu.com>,
xfs@oss.sgi.com, Christoph Hellwig <hch@infradead.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
Ben Myers <bpm@sgi.com>,
tytso@MIT.EDU, Chris Mason <chris.mason@oracle.com>,
Christopher Jones <christopher.jones@oracle.com>,
tj@kernel.org, cgroups@vger.kernel.org, Daniel@oss.sgi.com
Subject: Re: [RFC PATCH v1 0/4] cgroup quota
Date: Mon, 12 Mar 2012 15:11:11 +0800 [thread overview]
Message-ID: <4F5DA18F.6040000@oracle.com> (raw)
In-Reply-To: <4F5DC396.60701@parallels.com>
On 03/12/2012 05:36 PM, Glauber Costa wrote:
> On 03/11/2012 03:47 PM, Jeff Liu wrote:
>> And also, if there has already a project quota limits enforced outsides
>> to a directly, but the user can still setup a smaller quota limit s
>> through cgroup ,those limits just mixed up, but the smaller quota only
>> be effected for those processes running at container.
>>
>>> >
>>> > What we really need here, is a way to have a privileged user inside a
>>> > container to create normal quotas (user, group) that he can
>>> configure,
>>> > and have this quota be always smaller than, say, a project quota
>>> defined
>>> > for the container from the outside. But cgroups is hardly the
>>> interface,
>>> > or place, for that: Usually, the processes inside the container won't
>>> > have access to their cgroups. They will contain the limits they are
>>> > entitled to, and we don't won't the processes to change that at
>>> will. So
>>> > tying it to cgroups does not solve the fundamental problem, which
>>> is how
>>> > we have the container admin to set up quotas...
>> Sigh, exactly, I need some time to understand your opinions. Thanks
>> again.
>>
>>
>
> My take on this is that you should stick to the quota interface. It
> seems to works well enough for people out there. This means, how quotas
> are configured, viewed, etc, should work with standard tools.
>
> Now, we need some of those quotas to be tied to a particular mnt
> namespace (I believe namespaces to be the right isolation abstraction
> here, not cgroups), in the sense that they can only be active inside
> that mnt namespace. And then when you bill an inode, block, or anything
> else that quota limits, you bill it to any quota structure that is
> possibly interested in it.
I got started investigating how to isolate quota combine with namespaces today, thanks for your timely suggestions, that's sounds clearer to me.
-Jeff
> Right now the code bills it to one quota
> structure, the one that matches your UID, GID, etc (XFS may be a bit
> more skilled already here, I don't know)
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2012-03-12 7:11 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-09 11:20 [RFC PATCH v1 0/4] cgroup quota Jeff Liu
2012-03-09 11:20 ` Jeff Liu
[not found] ` <4F59E78A.7060903-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2012-03-11 11:18 ` Glauber Costa
2012-03-11 11:18 ` Glauber Costa
2012-03-11 11:18 ` Glauber Costa
[not found] ` <4F5C8A0C.8050904-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-03-11 10:50 ` Jeff Liu
2012-03-11 10:50 ` Jeff Liu
2012-03-11 11:57 ` Glauber Costa
2012-03-11 11:57 ` Glauber Costa
2012-03-11 11:57 ` Glauber Costa
[not found] ` <4F5C933F.3000409-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-03-11 11:47 ` Jeff Liu
2012-03-11 11:47 ` Jeff Liu
2012-03-12 9:36 ` Glauber Costa
2012-03-12 9:36 ` Glauber Costa
2012-03-12 9:36 ` Glauber Costa
[not found] ` <4F5DC396.60701-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-03-12 7:11 ` Jeff Liu [this message]
2012-03-12 7:11 ` Jeff Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F5DA18F.6040000@oracle.com \
--to=jeff.liu-qhclzuegtsvqt0dzr+alfa@public.gmane.org \
--cc=Daniel-VZNHf3L845pBDgjK7y7TUQ@public.gmane.org \
--cc=bpm-sJ/iWh9BUns@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=chris.mason-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=christopher.jones-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=daniel.lezcano-GANU6spQydw@public.gmane.org \
--cc=glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
--cc=hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=jack-AlSwsSmVLrQ@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=lizf-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org \
--cc=lxc-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=tytso-DPNOqEs/LNQ@public.gmane.org \
--cc=xfs-VZNHf3L845pBDgjK7y7TUQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.