Linux Container Development
 help / color / mirror / Atom feed
From: Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>
To: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
Cc: kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org,
	"David C. Hansen"
	<haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
	bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org,
	ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
	containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org,
	sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org,
	alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org,
	xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org
Subject: Re: [PATCH 0/9] Multiple devpts instances
Date: Thu, 19 Feb 2009 19:09:45 +0100	[thread overview]
Message-ID: <499DA069.3040603@free.fr> (raw)
In-Reply-To: <499D97B1.1090902-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>

H. Peter Anvin wrote:
> Daniel Lezcano wrote:
>   
>> sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org wrote:
>>     
>>> Enable multiple instances of devpts filesystem so each container can
>>> allocate
>>> ptys independently.
>>>   
>>>       
>> Hi suka,
>>
>> It looks like the /proc/sys/kernel/pty/max and nr are not virtualized.
>> Modifying in the container the "max" pty, that impacts the init_pty.
>> Same as nr which does not show the real number of pty allocated for the
>> container.
>>
>> Are you planning to fix this ?
>>
>>     
>
> That's a separate issue, i.e. a resource allocation
> localization/globalization issue.  The main reason for these limits is
> top put a cap on the amount of low kernel memory used on 32-bit systems
> especially, which is somewhat inherently global.
>
> Resource limit partitioning is a much bigger and orthogonal problem.
>   
In this case we don't have the pty allocated independently, no ?
I mean one container can allocate 4095 pty, making a pty starvation for 
others containers. Or imagine I am a vilain and I want to mess the other 
containers, I can do echo 0 > /proc/sys/kernel/pty/max.
AFAIR, we said people making isolation of a resource is in charge (if it 
is relevant), to take into account the /proc/sys part.

For example, making the network per namespace all the network 
configuration variable located in /proc/sys/net are per namespace too. 
When it is irrelevant the file is read-only or just not displayed.

IMHO, pty/max and pty/nr is part of the "multiple devpts instances" feature.

  parent reply	other threads:[~2009-02-19 18:09 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-15  5:30 [PATCH 0/9] Multiple devpts instances sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
     [not found] ` <20081015053000.GA2039-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-15  5:33   ` [PATCH 1/9] Remove devpts_root global sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15  5:33   ` [PATCH 2/9] Per-mount allocated_ptys sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15  5:34   ` [PATCH 3/9] Per-mount 'config' object sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15  5:35   ` [PATCH 4/9] Extract option parsing to new function sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15  5:35   ` [PATCH 5/9] Add DEVPTS_MULTIPLE_INSTANCES config token sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15  5:36   ` [PATCH 6/9] Define mknod_ptmx() sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15  5:37   ` [PATCH 7/9] Define get_init_pts_sb() sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15  5:37   ` [PATCH 8/9] Enable multiple instances of devpts sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15  5:38   ` [PATCH 9/9] Document usage of multiple-instances " sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
     [not found]     ` <20081015053800.GI2215-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-15 18:57       ` Serge E. Hallyn
     [not found]         ` <20081015185722.GA30005-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-15 19:03           ` H. Peter Anvin
     [not found]             ` <48F63E76.3030907-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2008-10-15 19:48               ` Serge E. Hallyn
2008-10-16 15:19   ` [PATCH 0/9] Multiple devpts instances Serge E. Hallyn
2009-02-19 15:43   ` Daniel Lezcano
     [not found]     ` <499D7E13.10601-GANU6spQydw@public.gmane.org>
2009-02-19 17:32       ` H. Peter Anvin
     [not found]         ` <499D97B1.1090902-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2009-02-19 18:09           ` Daniel Lezcano [this message]
     [not found]             ` <499DA069.3040603-GANU6spQydw@public.gmane.org>
2009-02-19 19:58               ` H. Peter Anvin
     [not found]                 ` <499DB9DA.2070301-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2009-02-19 22:28                   ` Eric W. Biederman
     [not found]                     ` <m1vdr6xdqv.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-20  4:22                       ` H. Peter Anvin
2009-02-19 22:42                   ` Daniel Lezcano
     [not found]                     ` <499DE06E.4030108-GANU6spQydw@public.gmane.org>
2009-02-19 22:46                       ` H. Peter Anvin
2009-02-19 23:59                       ` Eric W. Biederman
     [not found]                         ` <m1eixuvv00.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-23 20:56                           ` Serge E. Hallyn
     [not found]                             ` <20090223205609.GA32351-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-02-23 21:18                               ` H. Peter Anvin
     [not found]                                 ` <49A31299.8040501-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2009-02-23 22:27                                   ` Serge E. Hallyn
2009-02-24  4:09                                   ` Eric W. Biederman
2009-02-23 21:19                               ` Daniel Lezcano
     [not found]                                 ` <49A312E6.9090900-GANU6spQydw@public.gmane.org>
2009-02-23 21:23                                   ` H. Peter Anvin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=499DA069.3040603@free.fr \
    --to=daniel.lezcano-ganu6spqydw@public.gmane.org \
    --cc=alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org \
    --cc=bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org \
    --cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
    --cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
    --cc=haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
    --cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
    --cc=kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org \
    --cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
    --cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox