Re: [libvirt] kernel summit topic - 'containers end-game'

[Balbir Singh <balbir@linux.vnet.ibm.com>]

* Serge E. Hallyn <serue@us.ibm.com> [2009-06-30 15:06:13]:

> Quoting Balbir Singh (balbir@linux.vnet.ibm.com):
> > On Tue, Jun 23, 2009 at 8:26 PM, Serge E. Hallyn<serue@us.ibm.com> wrote:
> > > A topic on ksummit agenda is 'containers end-game and how do we
> > > get there'.
> > >
> > > So for starters, looking just at application (and system) containers, what do
> > > the libvirt and liblxc projects want to see in kernel support that is currently
> > > missing?  Are there specific things that should be done soon to make containers
> > > more useful and usable?
> > >
> > > More generally, the topic raises the question... what 'end-games' are there?
> > > A few I can think of off-hand include:
> > >
> > >        1. resource control
> > 
> > We intend to hold a io-controller minisummit before KS, we should have
> > updates on that front. We also need to discuss CPU hard limits and
> > Memory soft limits. We need control for memory large page, mlock, OOM
> > notification support, shared page accounting, etc. Eventually on the
> > libvirt front, we want to isolate cgroup and lxc support into
> > individual components (long term)
> 
> Thanks, Balbir.  By the last sentence, are you talking about having
> cgroup in its own libcgroup, or do you mean something else?
> 
> On the topic of cgroups, does anyone not agree that we should try
> to get rid of the ns cgroup, at least once user namespaces can
> prevent root in a container from escaping their cgroup?
>

I would have no objections to trying to obsolete ns cgroup once user
namespaces can do what you suggest. 

-- 
	Balbir