From: Jean-Marc Pigeon <jmp-4qkeo2rQ0gg@public.gmane.org>
To: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Kernel 2.6.33-rc6, 3 bugs container specific.
Date: Tue, 02 Feb 2010 09:46:26 -0500 [thread overview]
Message-ID: <1265121986.6260.234.camel@Mercier.safe.ca> (raw)
Hello,
Tried 2.6.33-rc6 to check container, 3 bugs show up.
(test done on x86_64, Pentium(R) Dual-Core CPU E5400)
#1: Critical / fixed?:
Already reported: system hang very badly if you start
a container (clone) while cloneflag is set with at least
one of the set:
CLONE_NEWNET|CLONE_NEWIPC|CLONE_NEWNS|CLONE_NEWPID|CLONE_NEWUTS.
Bug is said fixed:
(commit fabf318e5e4bda0aca2b0d617b191884fda62703),
and is somewhere in queue, hopefully will be part of rc7.
#2: Trouble / can be override by sys_admin
arping not working if HOST interface not named
the same as in CONT.
Lets say you set the HOST "eth0" interface to be
"fast" to met whatever your standard are and
rename CONT veth to be eth0 using command:
ip link set vth_name name eth0
(within CONT) to allow very standard CONT template.
directory HOST:/sys/class/net will report
br0 fast lo sit0 'to-vth'
directory CONT:/sys/class/net will report
exactly the same
Problem: file
/etc/sysconfig/network-scripts/ifup-eth
is doing "ip link set dev eth0 up" as
eth0 is the name we want to have in CONT.
So far so good, just after arping is
trying to make sure no one is using the
IP to be set.
and arping is accessing file
/sys/class/net/eth0/broadcast
which doesn't exist --> Network setting hang!.
Fix: when "ip link set vth_name name othername"
is applied, /sys/class/net/ should be updated
by kernel too.
#3: Very critical / CONT can't be production grade.
HOST and CONT share the same kmsg ring buffer.
Some part of the kernel running as CONT
could printk CONT specific message (iptable
packet tracing is a good example) even worse
CONT:rsyslog is reading kmsg too, meaning
it is competing with HOST:rsyslog to get
critical information. So the whole ring buffer
is garbled (not good at all).
My advice is to give a specific "ring buffer"
to each started container. This is the way it
was implemented by the openvz guys (seems to
me a very good solution), other solution would
be to say CONT:/proc/kmsg to be a kind of
device null, but then how kernel will give to
container context, informations on it specific
CONT problem???
My 3 cents.
Seems to me we are very close to have a "production"
container, thanks to all contributor...
--
A bientôt
==========================================================================
Jean-Marc Pigeon Internet: jmp@safe.ca
SAFE Inc. Phone: (514) 493-4280
Fax: (514) 493-1946
Clement, 'a kiss solution' to get rid of SPAM (at last)
Clement' Home base <"http://www.clement.safe.ca">
==========================================================================
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
next reply other threads:[~2010-02-02 14:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-02 14:46 Jean-Marc Pigeon [this message]
[not found] <1265074676.6260.212.camel@Mercier.safe.ca>
[not found] ` <20100202031647.GA14318@fqdn.org>
[not found] ` <1265121846.6260.231.camel@Mercier.safe.ca>
[not found] ` <4B68649D.2000503@free.fr>
[not found] ` <4B68649D.2000503-GANU6spQydw@public.gmane.org>
2010-02-02 18:18 ` Kernel 2.6.33-rc6, 3 bugs container specific Serge E. Hallyn
[not found] ` <20100202181801.GA28412-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-02 18:43 ` Jean-Marc Pigeon
[not found] ` <1265136215.6260.261.camel-4BUXZ/Ty1v7iqR6jatDSCA@public.gmane.org>
2010-02-02 21:32 ` Serge E. Hallyn
[not found] ` <20100202213254.GH32305-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-03 10:51 ` Daniel Lezcano
[not found] ` <4B695535.7020301-GANU6spQydw@public.gmane.org>
2010-02-03 13:24 ` Jean-Marc Pigeon
2010-02-03 15:03 ` Serge E. Hallyn
[not found] ` <20100203150350.GA7146-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-03 15:48 ` Jean-Marc Pigeon
[not found] ` <1265212090.6260.284.camel-4BUXZ/Ty1v7iqR6jatDSCA@public.gmane.org>
2010-02-03 16:21 ` Serge E. Hallyn
2010-02-04 9:33 ` Daniel Lezcano
2010-02-04 15:19 ` [Lxc-users] " Serge E. Hallyn
[not found] ` <20100204151927.GA7556-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-04 16:02 ` Cedric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1265121986.6260.234.camel@Mercier.safe.ca \
--to=jmp-4qkeo2rq0gg@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox