lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <569E5EEA.901@cumulusnetworks.com>
Date:	Tue, 19 Jan 2016 09:06:02 -0700
From:	David Ahern <dsa@...ulusnetworks.com>
To:	Stephen Hemminger <stephen@...workplumber.org>,
	Tejun Heo <tj@...nel.org>
Cc:	netdev@...r.kernel.org, cgroups@...r.kernel.org,
	shm@...ulusnetworks.com, roopa@...ulusnetworks.com
Subject: Re: [RFC PATCH net-next] net: Add l3mdev cgroup

On 1/19/16 9:03 AM, Stephen Hemminger wrote:
> On Mon, 4 Jan 2016 15:05:18 -0500
> Tejun Heo <tj@...nel.org> wrote:
>
>> Hello,
>>
>> On Mon, Jan 04, 2016 at 12:59:15PM -0700, David Ahern wrote:
>>> cgroups have very nice properties that I want to leverage such as
>>> parent-child inheritance and easy tracking which subsystem instance a task
>>> belongs. This provides a great kernel foundation for building easy to use
>>> management tools.
>>>
>>> The documentation for cgroups does not restrict a controller to physical
>>> resources but rather "it may be anything that wants to act on a group of
>>> processes." That is exactly what I am doing here - I have a network config
>>> that is applied to a group of processes similar to net_cls and net_prio (but
>>> as I stated before those are orthogonal, independent settings from the L3
>>> domain).
>>
>> Please read the new version of cgroup documentation.
>>
>>    https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup.txt?h=for-4.5
>>
>> cgroup has experienced a lot of problems doing its main job -
>> hierarchical resource control - from trying to support random things
>> which want to group threads.  As shown with xt_cgroup, such
>> identifying usages can be implemented in a way where the subsystem
>> matches the membership rather than cgroup taking in configurations
>> which belong to the subsystem, so please investigate that direction.
>>
>> Thanks.
>>
>
> Policy like this belongs in userspace not kernel.
>


This is the infrastructure that allows userspace to implement a policy - 
the policy being binding tasks and their children to an L3 domain.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ