From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: [PATCH RESEND] userns: enable tmpfs support for user namespace
Date: Thu, 17 Jan 2013 21:29:55 -0800 [thread overview]
Message-ID: <87vcavys6k.fsf@xmission.com> (raw)
In-Reply-To: <20130118042404.GA15079@sergelap> (Serge Hallyn's message of "Thu, 17 Jan 2013 22:24:04 -0600")
Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org> writes:
> Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
>> Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org> writes:
>>
>> > I actually was waiting for Eric to do it, but I'll happily send it
>> > to linux-fsdevel and lkml (in a bit).
>>
>> I might just.
>>
>> I will take a look at this in a week or so. I want to get through the
>> core userspace bits first so I can just cross those off my list of
>> things that need to be done.
>>
>> Eric
>
> Ok, I'll wait on sending it then - thanks.
Next up is my patch to shadow-utils and then taking a good hard stare at
what is left kernel side.
One of the questions I need to answer is: Do cgroups actually work
for what needs to be limited? Or does the the focus of cgroups on
processes without other ownership in objects fundamentally limit what
can be expressed with cgroups in a problematic way. In which case would
some hierarchical limits based on user namespaces and rlimits be easier
to implement and make more sense.
I think the answer will be that cgroups are good enough but that
question certainly needs looking at.
Anyway. shadow-utils, minimal tmpfs, minimal devpts, and then the rest.
Eric
next prev parent reply other threads:[~2013-01-18 5:29 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-16 10:25 [PATCH RESEND] userns: enable tmpfs support for user namespace Gao feng
[not found] ` <1358331945-4106-1-git-send-email-gaofeng-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-01-16 14:35 ` Serge Hallyn
2013-01-17 1:07 ` Gao feng
[not found] ` <50F74EC6.60004-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-01-17 10:15 ` Eric W. Biederman
2013-01-17 17:14 ` Serge Hallyn
2013-01-17 23:34 ` Eric W. Biederman
[not found] ` <87fw1zbd03.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-18 4:24 ` Serge Hallyn
2013-01-18 5:29 ` Eric W. Biederman [this message]
[not found] ` <87vcavys6k.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-18 5:33 ` Glauber Costa
[not found] ` <50F8DEBF.1020701-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-18 6:04 ` Eric W. Biederman
[not found] ` <87ip6vyqkf.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-18 6:10 ` Glauber Costa
[not found] ` <50F8E73B.7000903-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-18 7:01 ` Constraining the memory used by an unprivilged mount of tmpfs Eric W. Biederman
[not found] ` <87ip6vug8p.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-18 18:42 ` Glauber Costa
[not found] ` <50F99787.3090708-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-18 19:48 ` Serge Hallyn
2013-01-18 19:52 ` Glauber Costa
[not found] ` <50F9A7FD.6030507-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-18 20:06 ` Serge Hallyn
2013-01-18 20:18 ` Eric W. Biederman
[not found] ` <87hament1w.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-18 20:32 ` Serge Hallyn
2013-01-18 22:38 ` Glauber Costa
[not found] ` <50F9CED4.2070109-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-25 8:12 ` Eric W. Biederman
[not found] ` <87zjzxllzz.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-25 8:21 ` Lord Glauber Costa of Sealand
2013-01-20 19:27 ` Serge E. Hallyn
2013-01-21 2:39 ` [PATCH RESEND] userns: enable tmpfs support for user namespace Gao feng
[not found] ` <50FCAA62.8070804-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-01-21 5:08 ` Glauber Costa
2013-01-20 19:24 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vcavys6k.fsf@xmission.com \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.