| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <784F48E6-C07E-4A38-B45B-BD2D66677894@linux.alibaba.com> Date: Wed, 11 Sep 2024 09:53:27 +0800 From: 刘嵩 <liusong@...ux.alibaba.com> To: Tejun Heo <tj@...nel.org> Cc: lizefan.x@...edance.com, hannes@...xchg.org, Michal Koutný <mkoutny@...e.com>, cgroups@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [RFC PATCH] sched, cgroup: cgroup1 can also take the non-RUNTIME_INF min > 2024年9月11日 03:32,Tejun Heo <tj@...nel.org> 写道: > > On Tue, Sep 10, 2024 at 03:48:32PM +0800, Liu Song wrote: >> For the handling logic of child_quota, there is no need to distinguish >> between cgroup1 and cgroup2, so unify the handling logic here. >> >> Signed-off-by: Liu Song <liusong@...ux.alibaba.com> > > It doens't make much sense to change the interface for cgroup1 at this > point. Let's please leave it as-is. > > Thanks. > > -- > tejun Hi In scenarios involving secure shared containers (like Kata), where containers are deployed on VMs and constrained by CPU runtime using quotas, the concept of vCPUs comes into play. If the CPU limit set by Kubernetes is less than the actual number of vCPUs, meaning the CPU count derived from the quota is less than the vCPU count, then when a user runs lscpu inside the container, the reported CPU count will be greater than the container's quota. If the user uses this reported count to calculate quota and attempts to set it for their own sub-container, it will result in an error under cgroup1, whereas the same operation will succeed under cgroup2. To avoid imposing extra learning costs on users, unifying the handling logic in this regard is still beneficial. Thanks
Powered by blists - more mailing lists