| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 20 Nov 2010 02:33:22 +0100 From: Lennart Poettering <mzxreary@...inter.de> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Ben Gamari <bgamari.foss@...il.com>, David Miller <davem@...emloft.net>, tytso@....edu, a.p.zijlstra@...llo.nl, debiandev@...il.com, alan@...rguk.ukuu.org.uk, dhaval.giani@...il.com, efault@....de, vgoyal@...hat.com, oleg@...hat.com, markus@...ppelsdorf.de, mathieu.desnoyers@...icios.com, mingo@...e.hu, linux-kernel@...r.kernel.org, balbir@...ux.vnet.ibm.com Subject: Re: [RFC/RFT PATCH v3] sched: automated per tty task groups On Fri, 19.11.10 11:48, Linus Torvalds (torvalds@...ux-foundation.org) wrote: > > On Fri, Nov 19, 2010 at 11:12 AM, Ben Gamari <bgamari.foss@...il.com> wrote: > > > > On that note, is there a good reason why the notify_on_release interface > > works the way it does? Wouldn't it be simpler if the cgroup simply > > provided a file on which a process (e.g. systemd) could block? > > Actually, the sane interface would likely just be to have a "drop on > release" interface. Hmm, I think automatic cleanup would be quite nice, but there are some niche cases to think about first (i.e. what do you do if a process generates a cgroup and wants to make itself a member of it, but then dies before it can do that, and the cgroup stays around but empty and never gets cleaned up). > Who uses that thing now? The desktop launcher/systemd approach > definitely doesn't seem want the overhead of being notified and having > to remove it manually. Does anybody else really want it? I'd like automatic cleanup, but definitely also want to be notified when a cgroup runs empty. Here's the use case: we run apache in a cgroup (in a named hierarchy, not attached to any controller, we do this for keeping track of the service and all its children). Now apache dies. Its children, various CGI scripts stay around. However, since Apache is configured to be restarted systemd now kills all remaining children and waits until they are all gone, so that when it starts Apache anew we are in a clean and defined environment, and no remains of the previous instance remain. For this to work I need some kind of notification when all children are gone. Of course if systemd is PID 1, I can just use SIGCHLD for that, but that's more difficult when we are managing user porcesses, and want to do that with a PID != 1. And even even we are PID 1 its kinda neat to have an explicit notification for when a cgroup is empty instead of having to constantly check whether the cgroup is now empty after each SIGCHLD we receive. Also, there must be a way to opt out of automatic cleanup for some groups, since it might make sense to give users access to subtrees of the hierarchy and if you clean up groups belonging to privileged code then you get a namespace problem because unprivileged code might recreate that group and confuse everybody. So yeah, auto-cleanup is nice, but notifications I want too, please thanks. Lennart -- Lennart Poettering - Red Hat, Inc. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists