From: Zhang Haoyu
Subject: pidns: Make pid accounting and pid_max per namespace
Date: Fri, 9 Oct 2015 18:29:20 +0800
Message-ID: <56179700.3010703@mogujie.com>
To: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org
Cc: xemul@parallels.com

I started multiple docker containers in centos6.6 (linux-2.6.32-504.16.2), and there was one bad program running in one container. This program produced many child threads continuously without freeing them, so more and more pid numbers were consumed by this program, until hitting the pid_max limit (32768 by default in my system).

What's worse is that containers and host share the pid numbers resource, so new programs cannot be produced any more in the host and other containers.

And I cloned the upstream kernel source from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
This problem is still there, I'm not sure.

IMO, we should isolate the pid accounting and pid_max between pid namespaces, and make them per pidns.

The post below had a request for making pid_max per pidns.
http://thread.gmane.org/gmane.linux.kernel/1108167/focus=1111210

Thanks,
Zhang Haoyu
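
The shared accounting described in the message can be observed from the host by grouping in-use task IDs by pid namespace. The following is an added example, not part of the original message or of any kernel patch; it assumes a host with `/proc/<pid>/ns/pid` links (Linux 3.8 and later, so not the 2.6.32 kernel mentioned above), enough privilege to read them, and a hypothetical `warn_fraction` threshold.

```python
import os
import re
from collections import Counter

NS_RE = re.compile(r"pid:\[(\d+)\]")  # format of the /proc/<pid>/ns/pid link target


def threads_per_pidns(proc_root="/proc"):
    """Count tasks (threads) in use, grouped by pid-namespace inode number."""
    usage = Counter()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            m = NS_RE.fullmatch(os.readlink(os.path.join(base, "ns", "pid")))
            with open(os.path.join(base, "status")) as fh:
                threads = next(int(l.split()[1]) for l in fh
                               if l.startswith("Threads:"))
        except (OSError, StopIteration):
            continue  # process exited meanwhile, or its ns link is not readable
        if m:
            usage[m.group(1)] += threads
    return usage


def read_pid_max(proc_root="/proc"):
    """Read the system-wide kernel.pid_max value."""
    with open(os.path.join(proc_root, "sys", "kernel", "pid_max")) as fh:
        return int(fh.read())


def report(proc_root="/proc", warn_fraction=0.5):
    """Return [(ns_inode, tasks, share_of_pid_max, flagged)], largest first.

    warn_fraction is an assumed threshold for this example, not a kernel value.
    """
    pid_max = read_pid_max(proc_root)
    rows = []
    for ns, n in threads_per_pidns(proc_root).most_common():
        share = n / pid_max
        rows.append((ns, n, share, share >= warn_fraction))
    return rows


if __name__ == "__main__":
    for ns, n, share, flagged in report():
        mark = "  <-- WARN" if flagged else ""
        print(f"pidns {ns}: {n} tasks, {share:.1%} of pid_max{mark}")
```

Run on the host, where tasks of all containers are visible, a single namespace holding most of `pid_max` points at the container that is exhausting the shared pool.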