lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080305052631.GA26361@linux.vnet.ibm.com>
Date:	Wed, 5 Mar 2008 10:56:31 +0530
From:	Dhaval Giani <dhaval@...ux.vnet.ibm.com>
To:	Xpl++ <xpl@...n.net>
Cc:	fedora-devel-list@...hat.com, opensuse-packaging@...nsuse.org,
	lkml <linux-kernel@...r.kernel.org>,
	containers@...ts.linux-foundation.org,
	Balbir Singh <balbir@...ibm.com>, menage@...gle.com,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Srivatsa Vaddagiri <vatsa@...ux.vnet.ibm.com>,
	Sudhir Kumar <skumar@...ux.vnet.ibm.com>
Subject: Re: [RFC] libcg: design and plans

Hi Peter,

Thanks for your comments.

On Tue, Mar 04, 2008 at 07:15:51PM +0200, Xpl++ wrote:
> Hi,
>
> I was wonder if creating such library makes any sense at all, considering 
> the nature of cgroups, the way they work and their possible application?
> It seems to me that any attempt to create a 'simple' API would actualy 
> result in something that will be much harder to use that just making raw 
> mkdir/open/read/write/close operations.

These simple APIs are nothing but raw mkdir/open/read/write/close
operations.

>  Another thing is suggested config 
> for this lib would be more appropriate for a daemon rather than a library.
> In general - cgroup is a very flexible subsystem that can be used in a wide 
> variety of ways and modes and trying to create a universal simple API would 
> more likely result in something hard to manage and work with.
> The idea of having multiple container managers (applications that use 
> libcg) creates a lots of questions and possible issues. Containers are 
> supposed provide a flexible resource management and task grouping ability, 
> which somewhat implies that there cannot be two different resource managers 
> per node without one knowing well the desires/goals/methods of the other 
> and vice versa. And should there be only one manager per node - probably it 
> will be easier for it to use cgroup subsystem directly rather than using a 
> wrapper library?

I disagree. Allowing multiple resource managers allows more flexibility.
One thing the configuration subsystem aims to do is to allow permissions
to the groups. With this happening, a resource manager does not need to
about the existence of other groups, it can control only the resources
allotted to it. And since the top level is controlled by the
administrator, he is aware of the groups and their needs. (I've given an
example of such a scenario in the document as well).

Hope this helps answer your question.

Thanks,
-- 
regards,
Dhaval
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ