From: Hubertus Franke <frankeh@watson.ibm.com>
To: Kirill Korotaev <dev@sw.ru>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Sam Vilain <sam@vilain.net>, Rik van Riel <riel@redhat.com>,
Kirill Korotaev <dev@openvz.org>,
Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, clg@fr.ibm.com,
haveblue@us.ibm.com, greg@kroah.com, alan@lxorguk.ukuu.org.uk,
arjan@infradead.org, kuznet@ms2.inr.ac.ru, saw@sawoct.com,
devel@openvz.org, Dmitry Mishin <dim@sw.ru>,
Herbert Poetzl <herbert@13thfloor.at>
Subject: Re: The issues for agreeing on a virtualization/namespaces implementation.
Date: Wed, 08 Feb 2006 10:57:24 -0500
Message-ID: <43EA14E4.4030806@watson.ibm.com>
In-Reply-To: <43EA0FDB.9050008@sw.ru>
Kirill Korotaev wrote:
>>> Eric W. Biederman wrote:
>>> So it seems the clone( flags ) is a reasonable approach to create new
>>> namespaces. Question is what is the initial state of each namespace?
>>> In pidspace we know we should be creating an empty pidmap !
>>> In network, someone suggested creating a loopback device
>>> In uts, create "localhost"
>>> Are there examples where we rather inherit ? Filesystem ?
>>
>> Of course filesystem is already implemented, and does inherit a full
>> copy.
>
>
> why do we want to use clone()? Just because of its name and flags?
> I think it is really strange to fork() to create network context. What
> does process creation have to do with it?
>
> After all these clone()'s are called, some management actions from host
> system are still required, to add these IPs/routings/etc.
> So? Why mess it up? Why not create a separate clean interface for
> container management?
>
> Kirill
>
We need an "init" per container, which represents the context of the
system represented by the container.

If that is the case, then why not create the container such that
we specify what namespaces need to be new for a container at
the container creation time and initialize them to a well understood
state that makes sense (e.g. copy namespace (FS, uts), new fresh state (pid)).
Then use the standard syscall to modify state (now "virtualized" through
the task->xxx_namespace access).

Do you see a need to change the namespace of a container after it
has been created? I am not referring to the state of the namespace
but truly moving to a completely different namespace after the
container has been created.

Obviously you seem to have some other usage in mind, beyond what my
limited vision can see. Can you share some of those examples, because
that would help this discussion along ...

Thanks a 10^6.

-- Hubertus
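
How the approach argued for in this message looks with the namespace flags that later mainline kernels provide, as an added example that is not code from this thread or its patches: a new UTS namespace starts as a copy of its creator's and is then changed through the ordinary sethostname(2). DEMO_NAME and the function names are made up for the example, and CLONE_NEWUSER is used only so that it can run unprivileged.

```c
#define _GNU_SOURCE                 /* syscall(), sethostname() */
#include <linux/sched.h>            /* CLONE_NEWUSER, CLONE_NEWUTS */
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_NAME "ctr-demo"        /* constructed hostname */

/* Runs in the child. 0: as expected, 2: refused, 3: semantics differ. */
static int in_new_uts(const char *creator_name)
{
    char now[256] = {0};
    /* The namespaces to make new are named by flags; CLONE_NEWUSER only
     * supplies the privilege an unprivileged caller needs (assumption). */
    if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWUTS) != 0)
        return 2;
    /* Initial state of the new UTS namespace: a copy of the creator's. */
    if (gethostname(now, sizeof(now) - 1) || strcmp(now, creator_name))
        return 3;
    /* The standard syscall now acts on this task's own namespace. */
    if (sethostname(DEMO_NAME, strlen(DEMO_NAME)) != 0)
        return 2;
    if (gethostname(now, sizeof(now) - 1) || strcmp(now, DEMO_NAME))
        return 3;
    return 0;
}

/* 1: copy-then-isolate seen, -1: creation refused, 0: unexpected. */
int uts_copy_then_isolate(void)
{
    char before[256] = {0}, after[256] = {0};
    int status;
    pid_t pid;
    if (gethostname(before, sizeof(before) - 1) != 0 || (pid = fork()) < 0)
        return 0;
    if (pid == 0)
        _exit(in_new_uts(before));
    if (waitpid(pid, &status, 0) != pid)
        return 0;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    /* The creator's namespace must not have seen the child's change. */
    if (WEXITSTATUS(status) != 0 || gethostname(after, sizeof(after) - 1))
        return 0;
    return strcmp(before, after) == 0;
}

int main(void) { return uts_copy_then_isolate() == 0; }
```

A return of -1 means the kernel or a seccomp profile refused to create the namespaces, which is common inside unprivileged containers.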