| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Feb 2015 04:46:16 +0100 From: "Serge E. Hallyn" <serge@...lyn.com> To: Tejun Heo <tj@...nel.org> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, "Serge E. Hallyn" <serge@...lyn.com>, Richard Weinberger <richard@....at>, Linux API <linux-api@...r.kernel.org>, Linux Containers <containers@...ts.linux-foundation.org>, Serge Hallyn <serge.hallyn@...ntu.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Andy Lutomirski <luto@...capital.net>, cgroups mailinglist <cgroups@...r.kernel.org>, Ingo Molnar <mingo@...hat.com> Subject: Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces Quoting Tejun Heo (tj@...nel.org): > On Wed, Jan 07, 2015 at 05:27:38PM -0600, Eric W. Biederman wrote: > > >> The -o SUBSYS option doesn't exist. Jesus, at least get yourself > > >> familiar with the basics before claiming random stuff. > > > > Oh let's see I got that command line option out of /proc/mounts and yes > > it works. Perhaps it doesn't if I invoke unified hiearchies but the > > option does in fact exist and work. > > I meant the -o SUBSYS doesn't exist for unified hierarchy. > > > Now I really do need to test report regressions, and send probably send > > regression fixes. If I understand your strange ranting I think you just > > told me that option that -o SUBSYS does work with unified hierarchies. > > What? Why would -O SUBSYS exist for unified hierarchy? It's unified > for all controllers. > > > Tejun. I asked you specifically about this case 2 years ago at plumbers > > and you personally told me this would continue to work. I am going to > > hold you to that. > > I have no idea what you're talking about in *THIS* thread. I'm fully > aware of what was discussed *THEN*. > > > Fixing bugs is one thing. Gratuitious regressions that make supporting > > existing user space applications insane is another. > > Can you explain what problem you're actually trying to talk about > without spouting random claims about regressions? A few weeks ago, in order to test the cgroup namespace patchset with lxc, I went through the motions of getting lxc to work with unified hierarchy. A few of the things I had to change: 1. Hierarchy_num in /proc/cgroups and /proc/self/cgroup start at 0. Used to start with 1. I expect many userspace parsers to be broken by this. 2. After creating every non-leaf cgroup, we must fill in the cgroup.subtree_cgroups file. This is extra work which userspace doesn't have to do right now. 3. Let's say we want to create a freezer cgroup /foo/bar for some set of tasks, which they will administer. In fact let's assume we are going to use cgroup namespaces. We have to put the tasks into /foo/bar, unshare the cgroup ns, then create /foo/bar/leaf, move the tasks into /foo/bar/leaf, and then write 'freezer' into /foo/bar. (If we're not using cgroup namespaces, then we have to do a similar thing to let the tasks administer /foo/bar while placing them under /foo/bar/leaf). The oddness I'm pointing to is where the tasks have to know that they can create cgroups in "..". For containers this becomes odd. We tend to group containers by the tasks in and under a cgroup. We now will have to assume a convention where we know to check for tasks in and under "..", since by definition pid 1's cgroup (in a container) cannot have children. 4. The per-cgroup "tasks" file not existing seems odd, although certainly unexpected by much current software. So, if the unified hierarchy is going to not cause undue pain, existing software really needs to start working now to use it. It's going to be a sizeable task for lxc. -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists