lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090203123028.GA3788@vespa.holoscopio.com>
Date:	Tue, 3 Feb 2009 10:30:28 -0200
From:	Thadeu Lima de Souza Cascardo <cascardo@...aslivre.org>
To:	"Daniel P. Berrange" <berrange@...hat.com>
Cc:	debian-devel@...ts.debian.org, linux-kernel@...r.kernel.org,
	containers@...ts.linux-foundation.org
Subject: Re: cgroup mount point

On Tue, Feb 03, 2009 at 10:24:16AM +0000, Daniel P. Berrange wrote:
> On Mon, Feb 02, 2009 at 07:41:53PM -0200, Thadeu Lima de Souza Cascardo wrote:
> > From what I've seen, most of them are in the same phases as Debian, or,
> > perhaps, behind. Fedora seems to plan that for Fedora 11, and they have
> > some support in libvirt.
> 
> libvirt is not going to impose any policy for mount points, nor mount
> anything itself. When we use cgroups, libvirt just looks up the mount
> table to find out where the admin or distro has put the mount points
> for each cgroups controller.
>
> I've also not done anything in default Fedora install to automatically
> setup cgroups, since doing that hits the hard-to-answer question of
> whether to mount all controllers in one, or a separate mount per
> controller, or a hybrid.

Sorry. I didn't mean to imply that libvirt or Fedora did anything in
respect to the mountpoint themselves. But that they are supporting or
planning to support cgroups. And I think that one time we will need to
sort the problem of the mountpoint, either let the applications mount it
(in this case, libvirt) or the system do it (Fedora install, Debian
initscripts, et al).

I have some experience with lxc tools from http://lxc.sf.net/ and these
tools also look up the mountpoint at /proc/mounts. So it is up to the
system or the user to mount it.

> > So, we have some more options now: /cgroups, /containers, /dev/cpuset,
> > /dev/cpuctl, /opt/cgroup, /opt/cpuset.
> 
> Putting new mount points in / is not really acceptable, so that rules
> out the first two. /opt is just totally wrong, since that is intended
> for add on software packages. /dev/ feels a little odd, since it is
> not really device nodes, but perhaps that doesn't matter. So my pref
> would be something in /dev/cgroups or /sys/cgroups

My suggestions were /proc/cgroup, /sys/cgroup, /cgroup or /dev/cgroup. I
sent the problems with the former two, and the rationale for the latter
two in a previous message.

I agree that /opt/ is not the place for it (and that's the one I called
'funny'). I've head some people telling that /dev/ is for devices, but I
can't see a problem (/dev/log is a socket and it is there, the FHS
refers to special files).

/proc/ and /sys/ are two good options if the kernel does not put anything
else there. /proc/cgroups already exist, for example.

Could you please give your rationale why / is not really acceptable?

> I also think 'cgroups' is a better name than 'containers', since 
> 'containers' is refering to just one specific use case.

Agreed on this one, although I still prefer the singular (it is also the
name of the filesystem type).

> Regards,
> Daniel
> -- 
> |: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
> |: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

Regards,
Cascardo.

Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ