[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <201111210157.pAL1vbRo089486@www262.sakura.ne.jp>
Date: Mon, 21 Nov 2011 10:57:37 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: ebiederm@...ssion.com
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH for 2.6.32 (untested)] netns: Add quota for number of NET_NS instances.
Eric W. Biederman wrote:
> Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> writes:
>
> > In order to solve below problems, can we add sysctl variable for
> > restricting number of NET_NS instances?
>
> I don't have any particular problems with patch but I don't think it
> will result in a working system that is easy to keep working. Tuning
> static limits can be fickle.
What I worry is that, although clone() is an operation that is allowed to
sleep, waiting for too long might be annoying for users, especially when the
user cannot easily send Ctrl-C or SIGKILL. (I think ftp client is an example.)
> My inclination in this case the practical fix is that during network
> namespace allocation someone take a look at the cleanup_list. See
> that there is ongoing cleanup activity, and wait until at least one
> network namespace has cleaned up. Perhaps by creating a work struct
> and waiting for it to cycle through the netns workqueue.
Are you suggesting that we should wait only when "the number of NET_NS
instances exceeded quota" and "there is a dead NET_NS instance"?
In other words, let clone() fail immediately if "the number of NET_NS
instances exceeded quota" but "cleanup_list is empty"?
If you are suggesting that we should always wait until "the number of NET_NS
instances becomes smaller than quota", clone() might sleep too long when the
user cannot easily send signals.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists