[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAAAKZwtqYe-c0bfkgHFbzsOKVHifjTwkqcpci=uS1JwqS9TJHQ@mail.gmail.com>
Date: Fri, 28 Jun 2013 11:53:13 -0700
From: Tim Hockin <thockin@...kin.org>
To: Michal Hocko <mhocko@...e.cz>
Cc: Tejun Heo <tj@...nel.org>, Mike Galbraith <bitbucket@...ine.de>,
Li Zefan <lizefan@...wei.com>,
Containers <containers@...ts.linux-foundation.org>,
Cgroups <cgroups@...r.kernel.org>,
bsingharora <bsingharora@...il.com>,
"dhaval.giani" <dhaval.giani@...il.com>,
Kay Sievers <kay.sievers@...y.org>,
jpoimboe <jpoimboe@...hat.com>,
"Daniel P. Berrange" <berrange@...hat.com>,
lpoetter <lpoetter@...hat.com>,
workman-devel <workman-devel@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: cgroup: status-quo and userland efforts
On Fri, Jun 28, 2013 at 8:05 AM, Michal Hocko <mhocko@...e.cz> wrote:
> On Thu 27-06-13 22:01:38, Tejun Heo wrote:
>> Oh, that in itself is not bad. I mean, if you're root, it's pretty
>> easy to play with and that part is fine. But combined with the
>> hierarchical nature of cgroup and file permissions, it encourages
>> people to "deligate" subdirectories to less previledged domains,
>
> OK, this really depends on what you expose to non-root users. I have
> seen use cases where admin prepares top-level which is root-only but
> it allows creating sub-groups which are under _full_ control of the
> subdomain. This worked nicely for memcg for example because hard limit,
> oom handling and other knobs are hierarchical so the subdomain cannot
> overwrite what admin has said.
bingo
> And the systemd, with its history of eating projects and not caring much
> about their previous users who are not willing to jump in to the systemd
> car, doesn't sound like a good place where to place the new interface to
> me.
+1
If systemd is the only upstream implementation of this single-agent
idea, we will have to invent our own, and continue to diverge rather
than converge. I think that, if we are going to pursue this model of
a single-agent, we should make a kick-ass implementation that is
flexible and scalable, and full-featured enough to not require
divergence at the lowest layer of the stack. Then build systemd on
top of that. Let systemd offer more features and policies and
"semantic" APIs.
We will build our own semantic APIs that are, necessarily, different
from systemd. But we can all use the same low-level mechanism.
Tim
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists