From: ebiederm@xmission.com (Eric W. Biederman)
To: Aravinda Prasad <aravinda@linux.vnet.ibm.com>
Cc: Krister Johansen <kjlx@templeofstupid.com>,
Hari Bathini <hbathini@linux.vnet.ibm.com>,
ast@fb.com, peterz@infradead.org,
lkml <linux-kernel@vger.kernel.org>,
acme@kernel.org, alexander.shishkin@linux.intel.com,
mingo@redhat.com, daniel@iogearbox.net, rostedt@goodmis.org,
Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>,
sargun@sargun.me, brendan.d.gregg@gmail.com, rgb@redhat.com,
Linux-audit@redhat.com
Subject: Re: [PATCH v4 0/3] perf: add support for analyzing events for containers
Date: Thu, 12 Jan 2017 03:45:40 +1300 [thread overview]
Message-ID: <87d1ftmz8r.fsf@xmission.com> (raw)
In-Reply-To: <0856f77e-0a9c-de9a-fc67-64759e87f82e@linux.vnet.ibm.com> (Aravinda Prasad's message of "Wed, 11 Jan 2017 16:46:01 +0530")
Aravinda Prasad <aravinda@linux.vnet.ibm.com> writes:
> On Wednesday 04 January 2017 02:34 PM, Krister Johansen wrote:
>> On Tue, Jan 03, 2017 at 04:57:54PM +0530, Hari Bathini wrote:
>>> On Thursday 29 December 2016 07:11 AM, Krister Johansen wrote:
>>>> On Fri, Dec 16, 2016 at 12:06:55AM +0530, Hari Bathini wrote:
>>>>> This patch-set overcomes this limitation by using cgroup identifier as
>>>>> container unique identifier. A new PERF_RECORD_NAMESPACES event that
>>>>> records namespaces related info is introduced, from which the cgroup
>>>>> namespace's device & inode numbers are used as cgroup identifier. This
>>>>> is based on the assumption that each container is created with it's own
>>>>> cgroup namespace allowing assessment/analysis of multiple containers
>>>>> using cgroup identifier.
>>>> Why choose cgroups when the kernel dispenses namespace-unique
>>>> identifiers. Cgroup membership can be arbitrary. Moreover, cgroup and
>>>
>>> Agreed. But doesn't that hold for any other namespace or a combination
>>> of namespaces as well?
>>
>> I guess that's part of my concern. There is no container-unique
>> identifier on the system, since the notion of containers is a construct
>> of higer-level software.
>
> I wish we had a container-unique identifier. A container-unique
> identifier will make things a lot more better, not just for
> container-aware tracing but for audit subsystem as well.
>
> https://lwn.net/Articles/699819/#Comments
Something like the audit login id might be useful for some things, but
don't expect it to cover all containers, or all usecases so something
like that would need a more specific name than container id.
Any such identifier needs to handle the case of nested containers, and
of container migration from one system to another.
The issue generally appears to be that we have plent of ids that can
serve that purpose but there is insufficient agreement on what
constitues a container.
So at this point just no. You quoted my technical description of why
there does not exist such a thing as a container id, and have completely
ignored the technical reasons.
Eric
next prev parent reply other threads:[~2017-01-11 14:45 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-15 18:36 [PATCH v4 0/3] perf: add support for analyzing events for containers Hari Bathini
2016-12-15 18:37 ` [PATCH v4 1/3] perf: add PERF_RECORD_NAMESPACES to include namespaces related info Hari Bathini
2016-12-15 18:46 ` Peter Zijlstra
2016-12-16 6:27 ` Hari Bathini
2016-12-16 7:57 ` Peter Zijlstra
2016-12-16 18:21 ` Hari Bathini
2016-12-16 20:05 ` Peter Zijlstra
2016-12-21 13:09 ` Hari Bathini
2016-12-21 13:24 ` Peter Zijlstra
2016-12-21 15:56 ` Hari Bathini
2016-12-22 7:21 ` Eric W. Biederman
2016-12-22 7:53 ` Peter Zijlstra
2016-12-22 10:19 ` Eric W. Biederman
2016-12-22 13:24 ` Peter Zijlstra
2016-12-22 18:20 ` Eric W. Biederman
2016-12-15 18:37 ` [PATCH v4 2/3] perf tool: " Hari Bathini
2016-12-17 17:40 ` Jiri Olsa
2016-12-21 13:18 ` Hari Bathini
2016-12-15 18:37 ` [PATCH v4 3/3] perf tool: add cgroup identifier entry in perf report Hari Bathini
2016-12-29 1:41 ` [PATCH v4 0/3] perf: add support for analyzing events for containers Krister Johansen
2017-01-03 11:27 ` Hari Bathini
2017-01-04 9:04 ` Krister Johansen
2017-01-04 11:45 ` Hari Bathini
2017-01-11 11:16 ` Aravinda Prasad
2017-01-11 14:45 ` Eric W. Biederman [this message]
-- strict thread matches above, loose matches on Subject: below --
2016-12-16 12:14 Alban Crequy
2016-12-16 12:14 ` Alban Crequy
[not found] ` <CAMXgnP5o=rVuOAvVa8L43CVpVGHc5nFceOA4128ahNb6awUH8A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-12-16 18:26 ` Hari Bathini
2016-12-16 18:26 ` Hari Bathini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d1ftmz8r.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=Linux-audit@redhat.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=ananth@linux.vnet.ibm.com \
--cc=aravinda@linux.vnet.ibm.com \
--cc=ast@fb.com \
--cc=brendan.d.gregg@gmail.com \
--cc=daniel@iogearbox.net \
--cc=hbathini@linux.vnet.ibm.com \
--cc=kjlx@templeofstupid.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=rgb@redhat.com \
--cc=rostedt@goodmis.org \
--cc=sargun@sargun.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.