| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Mar 2007 01:53:57 +0100 From: Herbert Poetzl <herbert@...hfloor.at> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: Paul Menage <menage@...gle.com>, ckrm-tech@...ts.sourceforge.net, linux-kernel@...r.kernel.org, xemul@...ru, pj@....com, winget@...gle.com, containers@...ts.osdl.org, akpm@...ux-foundation.org Subject: Re: [ckrm-tech] [PATCH 0/2] resource control file system - aka containers on top of nsproxy! On Wed, Mar 07, 2007 at 06:32:10PM -0700, Eric W. Biederman wrote: > "Paul Menage" <menage@...gle.com> writes: > >> On 3/7/07, Sam Vilain <sam@...ain.net> wrote: >>> But "namespace" has well-established historical semantics too - a way >>> of changing the mappings of local * to global objects. This >>> accurately describes things liek resource controllers, cpusets, resource >>> monitoring, etc. >> >> Sorry, I think this statement is wrong, by the generally established >> meaning of the term namespace in computer science. >> >>> Trying to extend the well-known term namespace to refer to things >>> that are semantically equivalent namespaces is a useful approach, >>> IMHO. >> >> Yes, that would be true. But the kinds of groupings that we're talking >> about are supersets of namespaces, not semantically equivalent to >> them. To use Eric's "shoe" analogy from earlier, it's like insisting >> that we use the term "sneaker" to refer to all footware, including ski >> boots and birkenstocks ... > > Pretty much. For most of the other cases I think we are safe referring > to them as resource controls or resource limits. > I know that roughly covers what cpusets and beancounters and ckrm > currently do. let me tell you, it also covers what Linux-VServer does :) > The real trick is that I believe these groupings are designed to > be something you can setup on login and then not be able to switch > out of. Which means we can't use sessions and process groups as the > grouping entities as those have different semantics. precisely, once you are inside a resource container, you must not have the ability to modify its limits, and to some degree, you should not know about the actual available resources, but only about the artificial limits HTC, Herbert > Eric > _______________________________________________ > Containers mailing list > Containers@...ts.osdl.org > https://lists.osdl.org/mailman/listinfo/containers - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists