From: Manfred Spraul <manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Rik van Riel <riel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Rafael Aquini <aquini-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Davidlohr Bueso <davidlohr.bueso-VXdhtT5mjnY@public.gmane.org>,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Michael Kerrisk
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
1vier1-S0/GAf8tV78@public.gmane.org,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: [PATCH 3/3] ipc namespace: copy settings from parent namespace
Date: Tue, 12 Aug 2014 22:39:05 +0200 [thread overview]
Message-ID: <53EA7B69.9060800@colorfullife.com> (raw)
In-Reply-To: <877g2ec7tg.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
Hi Eric,
On 08/12/2014 12:37 PM, Eric W. Biederman wrote:
> Manfred Spraul <manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> writes:
>
> Sigh. Patches for new code during the merge window. It is a really
> rotten time to look at new things.
>
>> Right now, each new IPC namespace starts with the kernel default values.
>> This means that changes that were made to the limits get overwritten.
>>
>> With this patch, a new namespace inherits the settings from the parent
>> namespace, which is less surprising.
> In principle I agree.
>
> In practice I have to ask what have you done to survey applications
> that use the ipc namespace to see if they will break with this change in
> semantics.
I know this is the wrong answer, but:
What I find are problems caused by the current behavior.
See e.g.:
https://bugzilla.redhat.com/show_bug.cgi?id=1004724
Some background:
The e.g. sysvshm limits were not updated for many years and many
applications only ran properly if sysvshm limits are increased.
(now the defaults are large, but only since ~3.15)
Increasing is simple: sysctl kernel.shmmax=<>, but somehow this
must happen inside the container.
Right now, the most common approach seems to be the solution from the
bugzilla above:
Just marc /proc as read-write and do it manually.
With the patch, the kernel would propagate the value from parent to child.
--
Manfred
next prev parent reply other threads:[~2014-08-12 20:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1407828557-31995-1-git-send-email-manfred@colorfullife.com>
[not found] ` <1407828557-31995-2-git-send-email-manfred@colorfullife.com>
[not found] ` <1407828557-31995-3-git-send-email-manfred@colorfullife.com>
[not found] ` <1407828557-31995-3-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>
2014-08-12 7:29 ` [PATCH 3/3] ipc namespace: copy settings from parent namespace Manfred Spraul
[not found] ` <1407828557-31995-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>
2014-08-12 10:37 ` Eric W. Biederman
[not found] ` <877g2ec7tg.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-08-12 20:39 ` Manfred Spraul [this message]
2014-08-15 13:42 ` Rafael Aquini
[not found] <1401389200-6758-1-git-send-email-manfred@colorfullife.com>
[not found] ` <1401389200-6758-2-git-send-email-manfred@colorfullife.com>
[not found] ` <1401389200-6758-3-git-send-email-manfred@colorfullife.com>
[not found] ` <1401389200-6758-4-git-send-email-manfred@colorfullife.com>
[not found] ` <1401389200-6758-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>
2014-06-05 12:54 ` Michael Kerrisk (man-pages)
[not found] ` <CAKgNAkj+7foMQkZixytZSb9sJrBB6yoCb1Sik7ODBqoGiNx0Gg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-06-06 13:57 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53EA7B69.9060800@colorfullife.com \
--to=manfred-nhlokwux5cpe2c5cej3t2g@public.gmane.org \
--cc=1vier1-S0/GAf8tV78@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=aquini-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=davidlohr.bueso-VXdhtT5mjnY@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=riel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox