[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170104090459.GB3009@templeofstupid.com>
Date: Wed, 4 Jan 2017 01:04:59 -0800
From: Krister Johansen <kjlx@...pleofstupid.com>
To: Hari Bathini <hbathini@...ux.vnet.ibm.com>
Cc: Krister Johansen <kjlx@...pleofstupid.com>, ast@...com,
peterz@...radead.org, lkml <linux-kernel@...r.kernel.org>,
acme@...nel.org, alexander.shishkin@...ux.intel.com,
mingo@...hat.com, daniel@...earbox.net, rostedt@...dmis.org,
Ananth N Mavinakayanahalli <ananth@...ux.vnet.ibm.com>,
ebiederm@...ssion.com, sargun@...gun.me,
Aravinda Prasad <aravinda@...ux.vnet.ibm.com>,
brendan.d.gregg@...il.com
Subject: Re: [PATCH v4 0/3] perf: add support for analyzing events for
containers
On Tue, Jan 03, 2017 at 04:57:54PM +0530, Hari Bathini wrote:
> On Thursday 29 December 2016 07:11 AM, Krister Johansen wrote:
> >On Fri, Dec 16, 2016 at 12:06:55AM +0530, Hari Bathini wrote:
> >>This patch-set overcomes this limitation by using cgroup identifier as
> >>container unique identifier. A new PERF_RECORD_NAMESPACES event that
> >>records namespaces related info is introduced, from which the cgroup
> >>namespace's device & inode numbers are used as cgroup identifier. This
> >>is based on the assumption that each container is created with it's own
> >>cgroup namespace allowing assessment/analysis of multiple containers
> >>using cgroup identifier.
> >Why choose cgroups when the kernel dispenses namespace-unique
> >identifiers. Cgroup membership can be arbitrary. Moreover, cgroup and
>
> Agreed. But doesn't that hold for any other namespace or a combination
> of namespaces as well?
I guess that's part of my concern. There is no container-unique
identifier on the system, since the notion of containers is a construct
of higer-level software. You're depending on the fact that some popular
container software packages put their processes in separate cgroups.
Some of the stranger problems I've debugged with containers involve
abuses of nsenter(1) and shared subtrees. In cases like that, if you
filter by cgroup you may miss other interfering processes that are in
one or more of the namespaces associated with the container, but not its
cgroup. It's possible I misunderstood. Is the cgroup id being used to
filter events, or just for display purposes?
-K
Powered by blists - more mailing lists