[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130628050138.GD2500@htj.dyndns.org>
Date: Thu, 27 Jun 2013 22:01:38 -0700
From: Tejun Heo <tj@...nel.org>
To: Mike Galbraith <bitbucket@...ine.de>
Cc: Tim Hockin <thockin@...kin.org>, Li Zefan <lizefan@...wei.com>,
Containers <containers@...ts.linux-foundation.org>,
Cgroups <cgroups@...r.kernel.org>,
bsingharora <bsingharora@...il.com>,
"dhaval.giani" <dhaval.giani@...il.com>,
Kay Sievers <kay.sievers@...y.org>,
jpoimboe <jpoimboe@...hat.com>,
"Daniel P. Berrange" <berrange@...hat.com>,
lpoetter <lpoetter@...hat.com>,
workman-devel <workman-devel@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: cgroup: status-quo and userland efforts
Hello, Mike.
On Fri, Jun 28, 2013 at 06:49:10AM +0200, Mike Galbraith wrote:
> I always thought that was a very cool feature, mkdir+echo, poof done.
> Now maybe that interface is suboptimal for serious usage, but it makes
> the things usable via dirt simple scripts, very flexible, nice.
Oh, that in itself is not bad. I mean, if you're root, it's pretty
easy to play with and that part is fine. But combined with the
hierarchical nature of cgroup and file permissions, it encourages
people to "deligate" subdirectories to less previledged domains, which
in turn leads to normal binaries to manipulate them directly, which is
where the horror begins. We end up exposing control knobs which are
tightly coupled to kernel implementation details right into lay
binaries and scripts directly used by end users.
I think this is the first time this happened, which is probably why
nobody really noticed the mess earlier.
Anyways, if you're root, you can keep doing whatever you want. You
could be stepping on the centralized agent's toes a bit and vice-versa
but I don't think that's gonna be disastrous. What I'm trying to
stamp out is direct usages from !root domains and !system-management
binaries / scripts. They absolutely have to go. There's no question
about it and I'll take totalitarian userland agent anyday over the
current mess.
Eventually, I think we'll be able to reach an equilibrium where most
things are reasonable and we'll be exploring the acceptable limits of
flexibility again, but right now, please bear with the brutality.
We're way over the line and I can't see a way back which isn't gonna
sting a bit. I'm and will keep trying to make it as painless as
possible.
Thanks!
--
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists