From: Sam Vilain <sam@vilain.net>
To: Dave Hansen <haveblue@us.ibm.com>
Cc: Herbert Poetzl <herbert@13thfloor.at>,
"Eric W. Biederman" <ebiederm@xmission.com>,
"Serge E. Hallyn" <serue@us.ibm.com>, Kirill Korotaev <dev@sw.ru>,
linux-kernel@vger.kernel.org, vserver@list.linux-vserver.org,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Arjan van de Ven <arjan@infradead.org>,
Suleiman Souhlal <ssouhlal@FreeBSD.org>,
Hubertus Franke <frankeh@watson.ibm.com>,
Cedric Le Goater <clg@fr.ibm.com>,
Kyle Moffett <mrmacman_g4@mac.com>, Greg <gkurz@fr.ibm.com>,
Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
Greg KH <greg@kroah.com>, Rik van Riel <riel@redhat.com>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Andrey Savochkin <saw@sawoct.com>,
Kirill Korotaev <dev@openvz.org>, Andi Kleen <ak@suse.de>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Jeff Garzik <jgarzik@pobox.com>,
Trond Myklebust <trond.myklebust@fys.uio.no>,
Jes Sorensen <jes@sgi.com>
Subject: Re: (pspace,pid) vs true pid virtualization
Date: Fri, 17 Feb 2006 10:11:09 +1300
Message-ID: <43F4EA6D.2040504@vilain.net>
In-Reply-To: <1140118693.21383.18.camel@localhost.localdomain>

Dave Hansen wrote:
> Brainstorming ... what do you think about having a special init process
> inside the child to act as a proxy of sorts? It is controlled by the
> parent vserver/container, and would not be subject to resource limits.
> It would not necessarily need to fork in order to kill other processes
> inside the vserver (not subject to resource limits). It could also
> continue when the rest of the guest was suspended.
> A pid killer would be ineffective against such a process because you
> can't kill init.

Well, another approach would be to create a new context which has
visibility over the other container as well as the ability to send
signals to it.

>>In general, I prefer to think of this as working
>>with nuclear material via an actuator from behind
>>a 4" lead wall -- you just do not want to go in
>>to fix things :)
> Where does that lead you? Having a single global pid space which the
> admin can see? Or, does a special set of system calls do it well
> enough?

I don't like this term "single global pid space". Two containers might
be able to see all processes on the system, one might have a flat
mapping to all PIDs < 64k (or pid_max), one with the XID,PID encoded
bitwise. They are both global pid spaces, but there is no "single" one,
unless that is all you compile in.

Sam.
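
The two kinds of global pid space described in the message above, and a context that can see and signal another container, modelled as an added example (not code from this thread or from any kernel patch). It assumes kernel PIDs are unique system-wide and below 64k, that each task carries its container's XID, and a 16-bit split for the bitwise encoding; all type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: kernel PIDs are unique system-wide and below
 * 64k, and every task carries the XID of its container. */
#define PID_BITS 16u
#define PID_MASK ((1u << PID_BITS) - 1u)

enum view { VIEW_OWN, VIEW_FLAT, VIEW_XID_PID };

struct task { uint32_t xid, pid; };

struct context {
    uint32_t xid;
    enum view view;          /* which pid space this context sees */
    bool signal_others;      /* may signal tasks in other containers */
};

/* Identifier ctx uses for t, or -1 when t is invisible to ctx. */
int64_t visible_id(const struct context *ctx, const struct task *t)
{
    switch (ctx->view) {
    case VIEW_FLAT:    return t->pid;
    case VIEW_XID_PID: return ((int64_t)t->xid << PID_BITS) | (t->pid & PID_MASK);
    default:           return t->xid == ctx->xid ? (int64_t)t->pid : -1;
    }
}

/* Visibility alone does not grant signalling; that is a separate right. */
bool may_signal(const struct context *ctx, const struct task *t)
{
    if (visible_id(ctx, t) < 0)
        return false;
    return t->xid == ctx->xid || ctx->signal_others;
}

int main(void)
{
    struct task t = { .xid = 7, .pid = 1234 };        /* constructed sample */
    struct context guest   = { 8, VIEW_OWN, false };
    struct context flat    = { 1, VIEW_FLAT, true };
    struct context encoded = { 2, VIEW_XID_PID, false };

    printf("guest=%lld flat=%lld encoded=%lld\n",
           (long long)visible_id(&guest, &t), (long long)visible_id(&flat, &t),
           (long long)visible_id(&encoded, &t));
    printf("flat may signal: %d, encoded may signal: %d\n",
           may_signal(&flat, &t), may_signal(&encoded, &t));
    return 0;
}
```

Both global views name the same task, but with different identifiers, and only the context holding the separate signalling right can act on it.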