From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?B?VnJpamVuZHJhICjgpLXgpYPgpJzgpYfgpKjgpY3gpKbgpY3gpLApIEdva2hhbGU=?= Subject: Re: cgroup: status-quo and userland efforts Date: Fri, 28 Jun 2013 12:01:56 -0700 Message-ID: References: <20130625000118.GT1918@mtj.dyndns.org> <20130626212047.GB4536@htj.dyndns.org> <1372311907.5871.78.camel@marge.simpson.net> <20130627180143.GD5599@mtj.dyndns.org> <1372391198.5989.110.camel@marge.simpson.net> <20130628040930.GC2500@htj.dyndns.org> <1372394950.5989.128.camel@marge.simpson.net> <20130628050138.GD2500@htj.dyndns.org> <20130628150513.GD5125@dhcp22.suse.cz> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=NnAOx6R67p0aNjlX7QLS6m/GhOSmk6/8f9R6bESY/5I=; b=EUZBDMiN93zKBShzByw7qPp4iJbftnUVhZl96G48akxQcsBeEvgzX//djVnkNX0aXO e5z3/MpWZ7Rk/lvK1yWtbd0C7omiuA9XZrTHw3g5Qi6F4G3UzQGu3fQoo/FErDju+4/r J8oK1nt2GdSyLRxqGd0xGSVOXNbSjSxi66rG7w943WTbMpLn8n9ZE74mwbt0py+bbAw7 uHwgns+yLcGFyU2zT+vjq5rzXRHivO8e/lhB9zC//ixRA3lMZOaAzlfRD9i82iDi/g+h +MvaBdCZl5wKkXaX6+bMjBgrFdnRUMijx2OQ7aMLYM8TOeRMMQUQyUq+DnGQzJccFwv1 Eevg== In-Reply-To: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Tim Hockin Cc: Mike Galbraith , Containers , Kay Sievers , "linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , lpoetter , Michal Hocko , jpoimboe , Tejun Heo , Cgroups , "dhaval.giani" On Fri, Jun 28, 2013 at 11:53 AM, Tim Hockin wrote: > On Fri, Jun 28, 2013 at 8:05 AM, Michal Hocko wrote: > > On Thu 27-06-13 22:01:38, Tejun Heo wrote: > > >> Oh, that in itself is not bad. I mean, if you're root, it's pretty > >> easy to play with and that part is fine. But combined with the > >> hierarchical nature of cgroup and file permissions, it encourages > >> people to "deligate" subdirectories to less previledged domains, > > > > OK, this really depends on what you expose to non-root users. I have > > seen use cases where admin prepares top-level which is root-only but > > it allows creating sub-groups which are under _full_ control of the > > subdomain. This worked nicely for memcg for example because hard limit, > > oom handling and other knobs are hierarchical so the subdomain cannot > > overwrite what admin has said. > > bingo > > Note that we also use cpu and io hierarchies as user accessible hierarchies. This makes delegation possible to google workloads for subset (sub-cgroups) creation and monitoring. > > And the systemd, with its history of eating projects and not caring much > > about their previous users who are not willing to jump in to the systemd > > car, doesn't sound like a good place where to place the new interface to > > me. > > +1 > > If systemd is the only upstream implementation of this single-agent > idea, we will have to invent our own, and continue to diverge rather > than converge. I think that, if we are going to pursue this model of > a single-agent, we should make a kick-ass implementation that is > flexible and scalable, and full-featured enough to not require > divergence at the lowest layer of the stack. Then build systemd on > top of that. Let systemd offer more features and policies and > "semantic" APIs. > > We will build our own semantic APIs that are, necessarily, different > from systemd. But we can all use the same low-level mechanism. > > Tim > _______________________________________________ > Containers mailing list > Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org > https://lists.linuxfoundation.org/mailman/listinfo/containers >