Date:	Thu, 31 May 2012 15:58:41 +0800
From:	Gao feng <gaofeng@...fujitsu.com>
To:	KOSAKI Motohiro <kosaki.motohiro@...il.com>
CC:	David Rientjes <rientjes@...gle.com>,
	Kamezawa Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
	hannes@...xchg.org, mhocko@...e.cz, bsingharora@...il.com,
	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
	cgroups@...r.kernel.org, linux-mm@...ck.org,
	containers@...ts.linux-foundation.org
Subject: Re: [PATCH] meminfo: show /proc/meminfo base on container's memcg

On 2012-05-31 15:42, KOSAKI Motohiro wrote:
> (5/31/12 3:35 AM), David Rientjes wrote:
>> On Thu, 31 May 2012, KOSAKI Motohiro wrote:
>>
>>>> As I said, LXC and namespace isolation is a tangent to the discussion of
>>>> faking the /proc/meminfo for the memcg context of a thread.
>>>
>>> Because /proc/meminfo affects a lot of libraries' behavior. So, it's not only
>>> an application issue. If you can't rewrite _all_ of userland assets, fake meminfo
>>> can't be escaped. Again see alternative container implementation.
>>>
>>
>> It's a tangent because it isn't a complete pseudo /proc/meminfo for all
>> threads attached to a memcg regardless of any namespace isolation; the LXC
>> solution has existed for a couple of years by its procfs patchset that
>> overlaps procfs with fuse and can suppress or modify any output in the
>> context of a memory controller using things like
>> memory.{limit,usage}_in_bytes.  I'm sure all other fields could be
>> modified if outputted in some structured way via memcg; it looks like
>> memory.stat would need to be extended to provide that.  If that's mounted
>> prior to executing the application, then your isolation is achieved and
>> all libraries should see the new output that you've defined in LXC.
>>
>> However, this seems like a separate topic than the patch at hand which
>> does this directly to /proc/meminfo based on a thread's memcg context,
>> that's the part that I'm nacking.
> 
> Then, I NAKed current patch too. Yeah, current one is ugly. It assumes _all_
> users need namespace isolation and it clearly is not.
> 
> 
>> I'd recommend to Gao to expose this
>> information via memory.stat and then use fuse and the procfs lxc support
>> as your way of contextualizing the resources.
> 
> It's one option. But, I seriously doubt fuse can make it simpler than kamezawa-san's
> idea. But yeah, I might NACK kamezawa-san's one if he will post ugly patch.
> 

It seems I should do some homework to make the implementation beautiful.

I think kamezawa-san's idea is simpler.
Thanks for your advice.
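
The userspace approach discussed in the quoted text (rewriting meminfo output from memory.{limit,usage}_in_bytes before it reaches the application), as an added example that is not part of this thread and is not LXC's code. The function names and the sample meminfo text are assumptions made for illustration; only MemTotal and MemFree are rewritten, since those are the fields the two memcg values can supply.

```python
import re

# Constructed sample of a host /proc/meminfo (not taken from the thread).
HOST_MEMINFO = """\
MemTotal:        8169348 kB
MemFree:         1234560 kB
Buffers:          204800 kB
Cached:          2048000 kB
"""

def parse_kb(text):
    """Return {field: value_in_kB} for every 'Name:  N kB' line."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"([^:]+):\s+(\d+) kB$", line)
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields

def contextualize_meminfo(host_text, limit_bytes, usage_bytes):
    """Rewrite MemTotal/MemFree from a memcg's limit and usage.

    limit_bytes and usage_bytes are the integers read from the cgroup v1
    files memory.limit_in_bytes and memory.usage_in_bytes.
    """
    host_total = parse_kb(host_text)["MemTotal"]
    # An unlimited memcg reports a huge limit; never show more than the host has.
    total = min(host_total, limit_bytes // 1024)
    # The two files are read at different times, so clamp instead of going negative.
    free = max(0, total - usage_bytes // 1024)
    replaced = {"MemTotal": total, "MemFree": free}
    out = []
    for line in host_text.splitlines():
        name = line.split(":", 1)[0]
        if name in replaced:
            # Same column layout as the kernel's meminfo lines.
            line = f"{name + ':':<16}{replaced[name]:8d} kB"
        out.append(line)
    # Other fields (Buffers, Cached, ...) stay host-wide: the thread notes that
    # memory.stat would have to be extended before they could be rewritten too.
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(contextualize_meminfo(HOST_MEMINFO, 512 * 1024**2, 100 * 1024**2), end="")
```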
