lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 20 Oct 2011 03:38:57 -0700
From:	Paul Menage <paul@...lmenage.org>
To:	Witold Krecicki <wpk@...m.net>
Cc:	Li Zefan <lizf@...fujitsu.com>,
	containers@...ts.linux-foundation.org,
	linux-kernel@...r.kernel.org,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Matt Helsley <matthltc@...ibm.com>
Subject: Re: [PATCH 0/6] cgroup: add isolation_root flag, poor man's
 namespaces for cgroups

On Thu, Oct 20, 2011 at 3:25 AM, Witold Krecicki <wpk@...m.net> wrote:
> I tried to make it as simple as possible - and this approach (looking at patch
> length) seemed to be the simplest (we really don't care about 'other' cgroups
> that might appear).

Right, this is a nicely simple approach that gets rid of some nasty
incompatibilities between containers and cgroups, so it's a great
first step. But it still limits what containers can do with cgroups
(in terms of combining subsystems in hierarchies), hence the idea that
we plan what we might want to do later, and at least make the API
something that could also accommodate the possible future. (In the
same sense that the cgroups mount API has always supported the
possibility of mounting a subsystem on multiple hierarchies at once,
even if the patches to implement it didn't appear for another year or
so and are still languishing and bit-rotting).

> Other approaches would probably require major rewrites of cgroups code.

Not major rewrites, really, but definitely some fiddly replumbing.

Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ