From: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
libvir-list-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>,
Daniel Veillard
<veillard-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Subject: Re: kernel summit topic - 'containers end-game'
Date: Thu, 02 Jul 2009 14:38:35 -0400 [thread overview]
Message-ID: <4A4CFEAB.5080507@cs.columbia.edu> (raw)
In-Reply-To: <20090623145611.GB19332-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Serge E. Hallyn wrote:
> A topic on ksummit agenda is 'containers end-game and how do we
> get there'.
>
> So for starters, looking just at application (and system) containers, what do
> the libvirt and liblxc projects want to see in kernel support that is currently
> missing? Are there specific things that should be done soon to make containers
> more useful and usable?
>
> More generally, the topic raises the question... what 'end-games' are there?
> A few I can think of off-hand include:
>
> 1. resource control
> 2. lightweight virtual servers
> 3. (or 2.5) unprivileged containers/jail-on-steroids
> (lightweight virtual servers in which you might, just
> maybe, almost, be able to give away a root account, at
> least as much as you could do so with a kvm/qemu/xen
> partition)
> 4. checkpoint, restart, and migration
>
> For each end-game, what kernel pieces do we think are missing? For instance,
> people seem agreed that resource control needs io control :) Containers imo
> need a user namespace. I think there are quite a few network namespace
> exploiters who require sysfs directory tagging (or some equivalent) to
> allow us to migrate physical devices into network namespaces. And
> checkpoint/restart needs... checkpoint/restart.
Heh ... it does need ... checkpoint/restart; and a few issues
which we should think about sometime --
* Encapsulation of machine/OS config capabilities
- how to detect (versioning, capabilities) ?
- how to deal with mismatches ? (bail ? emulate ? hope for the best ?)
- what happens if, e.g. VDSO page changes, or how to detect FPU changes...
* Conversion of checkpoint image between kernel version (and automation)
* Network namespaces, mnt namespaces - what's the best approach ?
* Security assessment and brainstorming
* Appealing use-cases for everyday use:
- for hybernation
- to reboot to new kernel without losing your session
- to time travel back to before you lost in "bejewled"
* Userspace tools - mainly for inspection of checkpoint images
* Testing frameworks
* Distributed c/r ?
* Optimizations: low downtime, pre-copy, post-copy, cow, parallelization
Now I really go hide :p
Oren.
next prev parent reply other threads:[~2009-07-02 18:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-23 14:56 kernel summit topic - 'containers end-game' Serge E. Hallyn
2009-06-29 10:35 ` [libvirt] " Balbir Singh
2009-06-30 20:06 ` Serge E. Hallyn
2009-07-01 4:29 ` Balbir Singh
[not found] ` <20090630200613.GA22283-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-07-02 16:58 ` Daniel Lezcano
2009-07-02 16:43 ` [libvirt] " Daniel Lezcano
[not found] ` <4A4CE3A6.200-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2009-07-02 18:27 ` Oren Laadan
2009-07-06 14:51 ` [libvirt] " Serge E. Hallyn
2009-07-08 7:55 ` Daniel Lezcano
2009-07-08 13:45 ` Serge E. Hallyn
[not found] ` <20090623145611.GB19332-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-07-02 18:38 ` Oren Laadan [this message]
2009-07-06 14:34 ` Serge E. Hallyn
[not found] ` <20090706143401.GA16868-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-07-06 17:30 ` Oren Laadan
2009-07-06 18:48 ` [libvirt] " Serge E. Hallyn
[not found] ` <20090706184848.GA23819-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-07-07 15:36 ` Oren Laadan
[not found] ` <4A536B91.5010205-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2009-07-07 16:14 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A4CFEAB.5080507@cs.columbia.edu \
--to=orenl-eqauephvms7envbuuze7ea@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org \
--cc=libvir-list-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=veillard-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox