linux-input.vger.kernel.org archive mirror
From: Greg KH <gregkh@linuxfoundation.org>
To: Lukasz Pawelczyk <havner@gmail.com>
Cc: linux-input@vger.kernel.org, linux-kernel@vger.kernel.org,
	libvir-list@redhat.com, lxc-devel@lists.linuxcontainers.org,
	systemd-devel@lists.freedesktop.org,
	David Herrmann <dh.herrmann@gmail.com>
Subject: Re: [systemd-devel] Suspending access to opened/active /dev/nodes during application runtime
Date: Fri, 7 Mar 2014 11:09:39 -0800
Message-ID: <20140307190939.GA8082@kroah.com>
In-Reply-To: <E7B2439D-FF36-4353-8E1A-C58E5C33A89F@gmail.com>

On Fri, Mar 07, 2014 at 07:46:44PM +0100, Lukasz Pawelczyk wrote:
> Problem:
> Has anyone thought about a mechanism to limit/remove an access to a
> device during an application runtime? Meaning we have an application
> that has an open file descriptor to some /dev/node and depending on
> *something* it gains or loses the access to it gracefully (with or
> without a notification, but without any fatal consequences).
> 
> Example:
> LXC. Imagine we have 2 separate containers. Both running full operating
> systems. Specifically with 2 X servers. Both running concurrently of
> course. Both need the same input devices (e.g. we have just one mouse).

Stop right there.

If they "both" need an input device, then they should use the "shared"
input device stream, i.e. evdev.

And it goes the same for every type of device the kernel is exposing to
userspace, if you want to "share" them, then you need to work on
changing the kernel to be able to handle shared devices.

And odds are, you will get back a big "as-if" comment from the kernel
developers, as for almost all devices, they can't be shared, for very
good reasons.

So work down the list of devices you really need access to, and either
work to provide a way for the kernel to mediate them, or, work to only
have one "container" access to one device, and not have all containers
access to it at the same time.

This has been discussed many times in the past, on mailing lists and in
person at the Linux Plumbers conference last year.  This isn't a systemd
issue, it is a "you are using the kernel in ways it was not designed to
be used" issue.

good luck, you will need it...

greg k-h
