From: Hubertus Franke <frankeh@watson.ibm.com>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
linux-kernel@vger.kernel.org,
"Alan Cox <alan@lxorguk.ukuu.org.uk> Dave Hansen"
<haveblue@us.ibm.com>, Arjan van de Ven <arjan@infradead.org>,
Suleiman Souhlal <ssouhlal@FreeBSD.org>,
Cedric Le Goater <clg@fr.ibm.com>
Subject: Re: RFC: Multiple instances of kernel namespaces.
Date: Fri, 20 Jan 2006 15:22:45 -0500 [thread overview]
Message-ID: <43D14695.3000102@watson.ibm.com> (raw)
In-Reply-To: <20060120201353.GA13265@sergelap.austin.ibm.com>
Serge E. Hallyn wrote:
> Quoting Eric W. Biederman (ebiederm@xmission.com):
>
>>At this point I have to confess I have been working on something
>>similar, to IBM's pid virtualization work. But I have what is at
>>least for me a unifying concept, that makes things easier to think
>>about.
>>
>>The idea is to think about things in terms of namespaces. Currently
>>in the kernel we have the fs/mount namespace already implemented.
>>
>>Partly this helps on what the interface for creating a new namespace
>>instance should be. 'clone(CLONE_NEW<NAMESPACE_TYPE>)', and how
>>it should be managed from the kernel data structures.
>>
>>Partly thinking of things as namespaces helps me scope the problem.
>>
>>Does this sound like a sane approach?
>
>
> And a bonus of this is that for security and vserver-type applications,
> the CLONE_NEWPID and CLONE_NEWFS will often happen at the same time.
>
> How do you (or do you?) address naming namespaces? This would be
> necessary for transitioning into an existing namespace, performing
> actions on existing namespaces (i.e. checkpoint, migrate to another
> machine, enter the namespace and kill pid 521), and would just be
> useful for accounting purposes, i.e. how else do you have a
> "ps --all-namespaces" specify a process' namespace?
>
> Doubt we want to add an argument to clone(), so do we just add a new
> proc, sysfs, or syscall for setting a pid-namespace name?
>
> Do we need a new syscall for transitioning into an existing namespace?
>
> thanks,
> -serge
>
Just addressed a few of this in my previous reply to the other thread.
However, question here is whether the container (as we used it) provides
the "binding" object for these clones. One question for me then is
whether cloning of namespaces is always done in tandem.
As you are bringing the migration up, we can only clone fully contained
namespaces ! One could make that a condition of the migration or build
it right into the initial structure. Any thoughts on that ?
-- Hubertus
next prev parent reply other threads:[~2006-01-20 20:22 UTC|newest]
Thread overview: 136+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-17 14:32 RFC [patch 00/34] PID Virtualization Overview Serge Hallyn
2006-01-17 14:32 ` RFC [patch 01/34] PID Virtualization Change pid accesses: drivers Serge Hallyn
2006-01-17 14:33 ` RFC [patch 02/34] PID Virtualization Change pid accesses: most archs Serge Hallyn
2006-01-17 14:33 ` RFC [patch 03/34] PID Virtualization Change pid accesses: filesystems Serge Hallyn
2006-01-17 14:33 ` RFC [patch 04/34] PID Virtualization Change pid accesses: include/ Serge Hallyn
2006-01-17 14:33 ` RFC [patch 05/34] PID Virtualization Change pid accesses: ipc Serge Hallyn
2006-01-17 14:33 ` RFC [patch 06/34] PID Virtualization Change pid accesses: kernel/ Serge Hallyn
2006-01-17 14:33 ` RFC [patch 07/34] PID Virtualization Change pid accesses: lib/ Serge Hallyn
2006-01-17 14:33 ` RFC [patch 08/34] PID Virtualization Change pid accesses: mm/ Serge Hallyn
2006-01-17 14:33 ` RFC [patch 09/34] PID Virtualization Change pid accesses: net/ Serge Hallyn
2006-01-17 14:33 ` RFC [patch 10/34] PID Virtualization Change pid accesses: security/ Serge Hallyn
2006-01-17 14:33 ` RFC [patch 11/34] PID Virtualization Change pid accesses: sound/ Serge Hallyn
2006-01-17 14:33 ` RFC [patch 12/34] PID Virtualization Change pid accesses: ia64 and mips Serge Hallyn
2006-01-17 14:33 ` RFC [patch 13/34] PID Virtualization Define new task_pid api Serge Hallyn
2006-01-17 15:32 ` Arjan van de Ven
2006-01-17 15:56 ` Serge E. Hallyn
2006-01-17 16:02 ` Arjan van de Ven
2006-01-17 16:03 ` Alan Cox
2006-01-17 17:16 ` Kyle Moffett
2006-01-17 17:25 ` Dave Hansen
2006-01-18 4:54 ` Greg KH
2006-01-18 4:55 ` Greg KH
2006-01-18 16:23 ` Dave Hansen
2006-01-20 17:00 ` Eric W. Biederman
2006-01-20 20:18 ` Hubertus Franke
2006-01-21 10:25 ` Eric W. Biederman
2006-01-23 18:38 ` Hubertus Franke
2006-01-23 18:48 ` Eric W. Biederman
2006-01-21 14:42 ` Eric W. Biederman
2006-01-22 6:43 ` Kyle Moffett
2006-01-22 15:48 ` Eric W. Biederman
2006-01-22 15:55 ` Arjan van de Ven
2006-01-22 16:24 ` Eric W. Biederman
2006-01-26 20:01 ` Herbert Poetzl
2006-01-27 9:04 ` Eric W. Biederman
2006-01-27 12:27 ` Kyle Moffett
2006-01-27 13:15 ` Eric W. Biederman
2006-01-23 18:50 ` Hubertus Franke
2006-01-23 19:28 ` Eric W. Biederman
2006-01-23 21:11 ` Alan Cox
2006-01-23 21:30 ` Eric W. Biederman
2006-01-23 22:15 ` Hubertus Franke
2006-01-24 6:56 ` Arjan van de Ven
2006-01-24 19:34 ` Eric W. Biederman
2006-01-24 21:09 ` Hubertus Franke
2006-01-24 0:22 ` Alan Cox
2006-01-24 19:26 ` Eric W. Biederman
2006-01-24 21:11 ` Alan Cox
2006-01-24 21:15 ` Arjan van de Ven
2006-01-25 9:58 ` Eric W. Biederman
2006-01-25 15:10 ` Trond Myklebust
2006-01-25 18:01 ` Eric W. Biederman
2006-01-25 19:30 ` Trond Myklebust
2006-01-25 21:59 ` Eric W. Biederman
2006-01-25 9:13 ` Eric W. Biederman
2006-01-25 9:51 ` Eric W. Biederman
2006-01-26 20:23 ` Herbert Poetzl
2006-01-27 8:28 ` Eric W. Biederman
[not found] ` <m1k6cqlmfe.fsf_-_@ebiederm.dsl.xmission.com>
2006-01-23 21:57 ` RFC: [PATCH] pids as weak references Dave Hansen
2006-01-31 21:02 ` RFC [patch 13/34] PID Virtualization Define new task_pid api Linus Torvalds
2006-02-01 0:01 ` Hubertus Franke
2006-02-01 4:18 ` Eric W. Biederman
2006-02-01 4:39 ` Linus Torvalds
2006-02-01 7:14 ` Eric W. Biederman
2006-02-01 16:41 ` Dave Hansen
2006-02-02 5:14 ` Herbert Poetzl
2006-02-01 16:29 ` Greg
2006-02-01 16:44 ` Eric W. Biederman
2006-02-02 13:50 ` Greg
2006-02-02 14:09 ` Eric W. Biederman
2006-02-02 14:48 ` Kirill Korotaev
2006-02-02 15:13 ` Eric W. Biederman
2006-02-02 15:26 ` Kirill Korotaev
2006-02-02 15:51 ` Eric W. Biederman
2006-02-02 16:05 ` Kirill Korotaev
2006-02-02 16:27 ` Eric W. Biederman
2006-02-02 21:32 ` Cedric Le Goater
2006-02-02 21:43 ` Hubertus Franke
2006-02-02 21:46 ` Eric W. Biederman
2006-02-03 10:07 ` Kirill Korotaev
2006-02-03 10:52 ` Kirill Korotaev
2006-02-03 11:09 ` Eric W. Biederman
2006-02-03 15:45 ` Dave Hansen
2006-02-03 16:35 ` Kirill Korotaev
2006-02-02 21:10 ` Cedric Le Goater
2006-02-02 21:24 ` Eric W. Biederman
2006-02-06 20:15 ` Pavel Machek
2006-02-06 20:34 ` Eric W. Biederman
2006-02-06 20:36 ` Kirill Korotaev
2006-02-06 20:40 ` Eric W. Biederman
2006-02-02 14:49 ` Kirill Korotaev
2006-01-17 14:33 ` RFC [patch 14/34] PID Virtualization const parameter for process group Serge Hallyn
2006-01-17 14:33 ` RFC [patch 15/34] PID Virtualization task virtual pid access functions Serge Hallyn
2006-01-17 14:33 ` RFC [patch 16/34] PID Virtualization return virtual pids where required Serge Hallyn
2006-01-17 14:33 ` RFC [patch 17/34] PID Virtualization return virtual process group ids Serge Hallyn
2006-01-17 14:33 ` RFC [patch 18/34] PID Virtualization code enhancements for virtual pids in /proc Serge Hallyn
2006-01-17 14:33 ` RFC [patch 19/34] PID Virtualization Define pid_to_vpid functions Serge Hallyn
2006-01-17 14:33 ` RFC [patch 20/34] PID Virtualization Use pid_to_vpid conversion functions Serge Hallyn
2006-01-17 14:33 ` RFC [patch 21/34] PID Virtualization file owner pid virtualization Serge Hallyn
2006-01-17 14:33 ` RFC [patch 22/34] PID Virtualization define vpid_to_pid functions Serge Hallyn
2006-01-17 14:33 ` RFC [patch 23/34] PID Virtualization Use " Serge Hallyn
2006-01-17 14:33 ` RFC [patch 24/34] PID Virtualization use vpgid_to_pgid function Serge Hallyn
2006-01-17 14:33 ` RFC [patch 25/34] PID Virtualization Context for pid_to_vpid conversition functions Serge Hallyn
2006-01-17 14:33 ` RFC [patch 26/34] PID Virtualization Documentation Serge Hallyn
2006-01-17 14:33 ` RFC [patch 27/34] PID Virtualization pidspace Serge Hallyn
2006-01-17 14:33 ` RFC [patch 28/34] PID Virtualization container object and functions Serge Hallyn
2006-01-17 14:33 ` RFC [patch 29/34] PID Virtualization container attach/detach calls Serge Hallyn
2006-01-17 14:33 ` RFC [patch 30/34] PID Virtualization /proc/container filesystem Serge Hallyn
2006-01-17 14:33 ` RFC [patch 31/34] PID Virtualization Implementation of low level virtualization functions Serge Hallyn
2006-01-17 14:33 ` RFC [patch 32/34] PID Virtualization Handle special case vpid return cases Serge Hallyn
2006-01-17 14:33 ` RFC [patch 33/34] PID Virtualization per container /proc filesystem Serge Hallyn
2006-01-17 14:33 ` RFC [patch 34/34] PID Virtualization pidspace parent : signal behavior Serge Hallyn
2006-01-17 16:19 ` RFC [patch 00/34] PID Virtualization Overview Suleiman Souhlal
2006-01-17 17:08 ` Dave Hansen
2006-01-17 18:09 ` Suleiman Souhlal
2006-01-17 18:12 ` Dave Hansen
2006-01-17 18:29 ` Alan Cox
2006-01-18 19:01 ` Dave Hansen
2006-01-18 19:28 ` Arjan van de Ven
2006-01-18 19:38 ` Dave Hansen
2006-01-18 19:50 ` Arjan van de Ven
2006-01-18 22:54 ` Alan Cox
2006-01-19 7:15 ` Arjan van de Ven
2006-01-20 5:11 ` Eric W. Biederman
2006-01-20 20:23 ` Serge E. Hallyn
2006-01-20 20:33 ` Hubertus Franke
2006-01-21 10:34 ` Eric W. Biederman
2006-01-20 19:53 ` RFC: Multiple instances of kernel namespaces Eric W. Biederman
2006-01-20 20:13 ` Serge E. Hallyn
2006-01-20 20:22 ` Hubertus Franke [this message]
[not found] ` <20060120203555.GC13265@sergelap.austin.ibm.com>
2006-01-20 21:47 ` Hubertus Franke
2006-01-21 10:04 ` Eric W. Biederman
2006-01-26 19:47 ` Herbert Poetzl
2006-01-26 20:13 ` Eric W. Biederman
2006-01-26 20:27 ` Herbert Poetzl
2006-01-21 10:31 ` RFC [patch 00/34] PID Virtualization Overview Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43D14695.3000102@watson.ibm.com \
--to=frankeh@watson.ibm.com \
--cc=arjan@infradead.org \
--cc=clg@fr.ibm.com \
--cc=ebiederm@xmission.com \
--cc=haveblue@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=serue@us.ibm.com \
--cc=ssouhlal@FreeBSD.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox