From: Jeff Liu <jeff.liu-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
To: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Cc: tytso-3s7WtUTddSA@public.gmane.org,
tinguely-sJ/iWh9BUns@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
david-FqsqvQoI3Ljby3iVrkZq2A@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org,
bpm-sJ/iWh9BUns@public.gmane.org,
christopher.jones-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Jan Kara <jack-AlSwsSmVLrQ@public.gmane.org>,
tm-d1IQDZat3X0@public.gmane.org,
linux-ext4-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
chris.mason-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org
Subject: Re: container disk quota
Date: Mon, 04 Jun 2012 12:46:49 +0800
Message-ID: <4FCC3DB9.40105@oracle.com>
In-Reply-To: <20120604025716.GA3480@sergelap>

On 06/04/2012 10:57 AM, Serge Hallyn wrote:
> Quoting Jeff Liu (jeff.liu-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org):
>> Hi Serge,
>>
>> On 06/02/2012 12:04 AM, Serge Hallyn wrote:
>>
>>> Quoting Jan Kara (jack-AlSwsSmVLrQ@public.gmane.org):
>>>> Hello,
>>>>
>>>> On Wed 30-05-12 22:58:54, jeff.liu-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org wrote:
>>>>> According to glauber's comments regarding container disk quota, it should be bound to mount
>>>>> namespace rather than cgroup.
>>>>>
>>>>> Per my try out, it works just fine by combining with userland quota utility in this way.
>>>>> However, there is something that has to be done at user tools too IMHO.
>>>>>
>>>>> Currently, the patchset is in very initial phase, I'd like to post it early to seek more
>>>>> feedback from you guys.
>>>>>
>>>>> Hopefully I can clarify my ideas clearly.
>>>> So what I miss in this introductory email is some high-level description
>>>> like what is the desired functionality you try to implement and what is it
>>>> good for. Looking at the examples below, it seems you want to be able to
>>>> set quota limits for namespace-uid (and also namespace-gid???) pairs, am I
>>>> right?
>>>>
>>>> If yes, then I would like to understand one thing: When writing to a
>>>> file, used space is accounted to the owner of the file. Now how do we
>>>> determine owning namespace? Do you implicitly assume that only processes
>>>> from one namespace will be able to access the file?
>>>>
>>>> Honza
>>>
>>> Not having looked closely at the original patchset, let me ask - is this
>>> feature going to be a freebie with Eric's usernamespace patches?
>>
>> If we can reach a consensus to bind quota on mount namespace for
>> container or other things maybe.
>> I think it definitely should depend on user namespace.
>>
>>>
>>> There, a container can be started in its own user namespace. Its uid
>>> 1000 will be mapped to something like 1101000 on the host. So the actual
>>> uid against whom the quota is counted is 1101000. In another container,
>>> uid 1000 will be mapped to 1201000, and again quota will be counted against
>>> 1201000.
>>
>> Is it also an implications that we can examine do container quota or not
>> based on the uid/gid number?
>
> I'm sorry I don't understand the question.
Sorry for my poor English.
>
> As an attempt at an answer: the quota code wouldn't change at all. We would
> simply exploit the fact that uid 1000 in container1 has a real uid of 101100,
> which is different from the real uid 102100 assigned to uid 1000 in container2
> and from real uid 1000 (uid 1000 on the host).
In that case, it looks like we only need to figure out how to let quota tools
work in the container.
I'll build a new kernel with user_ns to give it a try.
>
>>> Note that this won't work with bind mounts, as a file can only be owned
>>> by one uid, be it 1000, 1101000, or 1201000. So for the quota to work
>>> each container would need its own files. (Of course the underlying
>>> metadata can be shared through whatever ways - btrfs, lvm snapshotting,
>>> etc)
>>
>> Do you mean that we can not bind mount outside files to container for
>> as general adquot.user/adquot.group purpose?
>
> Right, not without some sort of stackable filesystem which masks the uid.
>
> Actually there may be a way around it (simply provide a mount option,
> requiring privilege in the original user namespace, saying mask uid x to
> look like uid y for this bind mount), but it's too early to say how
> cleanly that could be done.
>
>> If so, per glauber's comments, bind quota to mount namespace should be a
>> generic feature, and container just one of users could make use of it.
>>
>> Again, if bind quota to mount namespace is on right direction, and it
>> only does make sense to container for now, maybe we don't need such
>> files. IMHO, container is a lightweight virtualization solution, maybe
>> it's fine to make it as simple as possible. If the server admin needs to
>> configure hundreds of user/group dquot per container, perhaps he should
>> consider KVM/XEN.
>
> Server admin doesn't need to do that.
Thanks for the info!
-Jeff
>
> -serge
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
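
[Added example, not part of the original message or of any patch in this thread.] The uid translation discussed above, sketched in user space: container uid 1000 resolves to a distinct host uid per container, and a file owned by one container's user is unmapped when seen from another, which is the bind-mount limitation. It assumes each container has a single mapping extent in the "inside outside count" form of /proc/<pid>/uid_map; the bases 1100000 and 1200000 are constructed to reproduce the 1101000 and 1201000 figures quoted in the thread, and the helper names are hypothetical.

```c
#include <stdio.h>

#define OVERFLOW_UID 65534u        /* kernel default reported for unmapped ids */
#define NO_UID ((unsigned)-1)      /* container uid with no host mapping */

/* One extent of a uid_map line: "inside outside count". */
struct extent { unsigned inside, outside, count; };

/* Parse one uid_map-format line; returns 0 on success, -1 on malformed input. */
int parse_extent(const char *line, struct extent *e)
{
    return sscanf(line, "%u %u %u", &e->inside, &e->outside, &e->count) == 3 ? 0 : -1;
}

/* Container uid -> host uid, i.e. the id the quota is counted against. */
unsigned to_host(const struct extent *e, unsigned uid)
{
    if (uid >= e->inside && uid - e->inside < e->count)
        return e->outside + (uid - e->inside);
    return NO_UID;
}

/* Host uid -> uid as seen inside the container; unmapped ids show as overflow. */
unsigned from_host(const struct extent *e, unsigned host)
{
    if (host >= e->outside && host - e->outside < e->count)
        return e->inside + (host - e->outside);
    return OVERFLOW_UID;
}

/* Constructed sample mappings (assumption, see lead-in). */
static const char *C1_MAP = "0 1100000 65536";
static const char *C2_MAP = "0 1200000 65536";

int main(void)
{
    struct extent c1, c2;
    if (parse_extent(C1_MAP, &c1) || parse_extent(C2_MAP, &c2))
        return 1;
    unsigned h1 = to_host(&c1, 1000), h2 = to_host(&c2, 1000);
    printf("container1 uid 1000 -> host uid %u\n", h1);
    printf("container2 uid 1000 -> host uid %u\n", h2);
    /* Bind-mount case: a file owned by container1's user, seen from container2. */
    printf("container1's file seen in container2: uid %u\n", from_host(&c2, h1));
    return 0;
}
```

Because the file's owner is a single host uid, only the container whose map covers that uid sees it as uid 1000 and has usage counted against that user; every other container sees the overflow uid.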