| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <47CE8A67.3050109@amln.net> Date: Wed, 05 Mar 2008 13:56:23 +0200 From: Xpl++ <xpl@...n.net> To: Dhaval Giani <dhaval@...ux.vnet.ibm.com> CC: fedora-devel-list@...hat.com, opensuse-packaging@...nsuse.org, lkml <linux-kernel@...r.kernel.org>, containers@...ts.linux-foundation.org, Balbir Singh <balbir@...ibm.com>, menage@...gle.com, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Srivatsa Vaddagiri <vatsa@...ux.vnet.ibm.com>, Sudhir Kumar <skumar@...ux.vnet.ibm.com> Subject: Re: [RFC] libcg: design and plans Hi Dhaval, Dhaval Giani ??????: >> I was wonder if creating such library makes any sense at all, considering >> the nature of cgroups, the way they work and their possible application? >> It seems to me that any attempt to create a 'simple' API would actualy >> result in something that will be much harder to use that just making raw >> mkdir/open/read/write/close operations. >> > > These simple APIs are nothing but raw mkdir/open/read/write/close > operations. > > Then why do you have to make the api? Everybody knows how to user these syscalls :) If its only this -> why use it? If it's not -> it aint simple anymore? >> Another thing is suggested config >> for this lib would be more appropriate for a daemon rather than a library. >> In general - cgroup is a very flexible subsystem that can be used in a wide >> variety of ways and modes and trying to create a universal simple API would >> more likely result in something hard to manage and work with. >> The idea of having multiple container managers (applications that use >> libcg) creates a lots of questions and possible issues. Containers are >> supposed provide a flexible resource management and task grouping ability, >> which somewhat implies that there cannot be two different resource managers >> per node without one knowing well the desires/goals/methods of the other >> and vice versa. And should there be only one manager per node - probably it >> will be easier for it to use cgroup subsystem directly rather than using a >> wrapper library? >> > > I disagree. Allowing multiple resource managers allows more flexibility. > One thing the configuration subsystem aims to do is to allow permissions > to the groups. With this happening, a resource manager does not need to > about the existence of other groups, it can control only the resources > allotted to it. And since the top level is controlled by the > administrator, he is aware of the groups and their needs. (I've given an > example of such a scenario in the document as well). > Imagine having a shared/joint household savings account with your wife, and taking money from it without your wife knowing and vice versa .. then at some point when you thought that you have some $5K to buy the new super duper laptop you dreamt about your entire life - surprise - no enough resources :) This is somewhat the equivalent of multiple independent resourse managers :) It won't end well :) Should they be expected to be adequate in doing their job, they cannot be independent since they manage a shared resource. Regards, Peter. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists