From: Matt Helsley <matthltc@us.ibm.com>
To: Hubertus Franke <frankeh@watson.ibm.com>
Cc: Dave Hansen <haveblue@us.ibm.com>,
Gerrit Huizenga <gh@us.ibm.com>,
CKRM-Tech <ckrm-tech@lists.sourceforge.net>,
LKML <linux-kernel@vger.kernel.org>,
LSE <lse-tech@lists.sourceforge.net>,
vserver@list.linux-vserver.org, Andrew Morton <akpm@osdl.org>,
Rik van Riel <riel@redhat.com>,
pagg@oss.sgi.com
Subject: Re: [ckrm-tech] Re: [RFC][patch 00/21] PID Virtualization: Overview and Patches
Date: Fri, 16 Dec 2005 17:18:18 -0800 [thread overview]
Message-ID: <1134782298.10396.337.camel@stark> (raw)
In-Reply-To: <1134776864.28779.19.camel@elg11.watson.ibm.com>
On Fri, 2005-12-16 at 18:47 -0500, Hubertus Franke wrote:
> On Fri, 2005-12-16 at 09:35 -0800, Dave Hansen wrote:
<snip>
> > I've been talking a lot lately about how important filesystem isolation
> > between containers is to implement containers properly. Isolating the
> > filesystem namespaces makes it much easier to do things like fs-based
> > shared memory during a checkpoint/resume. If we want to allow tasks to
> > move around, we'll have to throw out this entire concept. That means
> > that a _lot_ of things get a notch closer to the too-costly-to-implement
> > category.
> >
>
> Not only that, as the example of pids already show, while at the surface
> these might seem as desirable features ( particular since they came up
> wrt to the CKRM discussion ), there are significant technical limitation
> to these.
Perhaps merging the container process grouping functionality is not a
good idea.
However, I think CKRM could be made minimally consistent with
containers using a few small modifications. I suspect all that is
necessary is:
1) Expanding the pid syntax accepted and reported when accessing the
members file to include an optional container id:
# classify init in container 0 to a class
echo 0:1 >> ${RCFS}/class_foo/members
echo :1 >> ${RCFS}/class_foo/members
# while in container 0 classify init in container 0 to a class
echo 1 >> ${RCFS}/class_foo/members
# while in container 0 classify init in container 3 to a class
echo 3:1 >> ${RCFS}/class_foo/bar_class/members
Then pids in container 0 would show up as cid:pid
$ cat ${RCFS}/class_foo/members
0:1
5:2
...
3:4
Processes listing members in container n would only see the pid
and only pids in that container.
2) Limiting the pids and container ids accepted as input to the members
file from processes doing classification from within containers:
# classify init in the current container to a class
echo :1 >> ${RCFS}/class_foo/members
echo 1 >> ${RCFS}/class_foo/members
# returns an error when not in container 0
echo 0:1 >> ${RCFS}/class_foo/members
# returns an error when not in container 1
echo 1:1 >> ${RCFS}/class_foo/members
...
(Incidentally these kind of details are what I was referring to earlier
in this thread as "visibility boundaries")
I think this would be sufficient to make CKRM and containers play
nicely with each other. I suspect further kernel-enforced constraints
between CKRM and containers may constitute policy and not functionality.
<shameless_plug>I also suspect that with the right userspace
classification engine a wide variety of useful container resource
management policies could be enforced based on these simple
modifications.</shameless_plug>
Cheers,
-Matt Helsley
next prev parent reply other threads:[~2005-12-17 1:25 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-15 14:35 [RFC][patch 00/21] PID Virtualization: Overview and Patches Hubertus Franke
2005-12-15 14:35 ` [RFC][patch 01/21] PID Virtualization: const parameter for process group Hubertus Franke
2005-12-15 14:35 ` [RFC][patch 02/21] PID Virtualization: task virtual pid access functions Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 03/21] PID Virtualization: return virtual pids where required Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 04/21] PID Virtualization: return virtual process group ids Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 05/21] PID Virtualization: code enhancements for virtual pids in /proc Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 06/21] PID Virtualization: Define pid_to_vpid functions Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 07/21] PID Virtualization: Use pid_to_vpid conversion functions Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 08/21] PID Virtualization: file owner pid virtualization Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 09/21] PID Virtualization: define vpid_to_pid functions Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 10/21] PID Virtualization: Use " Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 11/21] PID Virtualization: use vpgid_to_pgid function Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 12/21] PID Virtualization: Context for pid_to_vpid conversition functions Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 13/21] PID Virtualization: Documentation Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 14/21] PID Virtualization: pidspace Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 15/21] PID Virtualization: container object and functions Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 16/21] PID Virtualization: container attach/detach calls Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 17/21] PID Virtualization: /proc/container filesystem Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 18/21] PID Virtualization: Implementation of low level virtualization functions Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 19/21] PID Virtualization: Handle special case vpid return cases Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 20/21] PID Virtualization: per container /proc filesystem Hubertus Franke
2005-12-15 14:36 ` [RFC][patch 21/21] PID Virtualization: pidspace parent : signal behavior Hubertus Franke
2005-12-15 19:49 ` [RFC][patch 00/21] PID Virtualization: Overview and Patches Gerrit Huizenga
2005-12-15 20:02 ` [ckrm-tech] " Dave Hansen
2005-12-15 20:12 ` Gerrit Huizenga
2005-12-15 22:52 ` Matt Helsley
2005-12-15 22:02 ` Hubertus Franke
2005-12-16 2:20 ` [ckrm-tech] " Matt Helsley
2005-12-16 3:28 ` Gerrit Huizenga
2005-12-16 17:35 ` Dave Hansen
2005-12-16 20:45 ` Gerrit Huizenga
2005-12-16 21:10 ` Dave Hansen
2005-12-16 23:40 ` Hubertus Franke
2005-12-16 23:47 ` Hubertus Franke
2005-12-17 1:18 ` Matt Helsley [this message]
2005-12-17 3:03 ` [Lse-tech] " Hubertus Franke
2005-12-17 1:38 ` Matt Helsley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1134782298.10396.337.camel@stark \
--to=matthltc@us.ibm.com \
--cc=akpm@osdl.org \
--cc=ckrm-tech@lists.sourceforge.net \
--cc=frankeh@watson.ibm.com \
--cc=gh@us.ibm.com \
--cc=haveblue@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lse-tech@lists.sourceforge.net \
--cc=pagg@oss.sgi.com \
--cc=riel@redhat.com \
--cc=vserver@list.linux-vserver.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox