Date:   Fri, 18 Feb 2022 17:03:56 +0100
From:   Karsten Graul <kgraul@...ux.ibm.com>
To:     dust.li@...ux.alibaba.com,
        Hendrik Brueckner <brueckner@...ux.ibm.com>
Cc:     Stefan Raspl <raspl@...ux.ibm.com>,
        Tony Lu <tonylu@...ux.alibaba.com>, kuba@...nel.org,
        davem@...emloft.net, netdev@...r.kernel.org,
        linux-s390@...r.kernel.org, linux-rdma@...r.kernel.org
Subject: Re: [PATCH] net/smc: Add autocork support

On 18/02/2022 08:33, dust.li wrote:
> On Thu, Feb 17, 2022 at 07:15:54PM +0100, Hendrik Brueckner wrote:
>> On Thu, Feb 17, 2022 at 09:22:00PM +0800, dust.li wrote:
>>> On Thu, Feb 17, 2022 at 10:37:28AM +0100, Stefan Raspl wrote:
>>>> On 2/16/22 16:27, dust.li wrote:
>>>>> On Wed, Feb 16, 2022 at 02:58:32PM +0100, Stefan Raspl wrote:
>>>>>> On 2/16/22 04:49, Dust Li wrote:
>>>>>>
>>>
>>>> Now we understand that cloud workloads are a bit different, and the desire to
>>>> be able to modify the environment of a container while leaving the container
>>>> image unmodified is understandable. But then again, enabling the base image
>>>> would be the cloud way to address this. The question to us is: How do other
>>>> parts of the kernel address this?
>>>
>>> I'm not familiar with K8S, but one of my colleagues who has worked
>>> in that area tells me that resources like CPU/MEM and configurations
>>> like sysctl can be set using K8S configuration:
>>> https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
>>
>> For K8s, this involves container engines like cri-o, containerd, podman,
>> and others towards the runtimes like runc.  To ensure they operate together,
>> there are specifications by the Open Container Initiative (OCI) at
>> https://opencontainers.org/release-notices/overview/
>>
>> For container/pod deployments, there is especially the Container Runtime
>> Interface (CRI) that defines the interface, e.g., of K8s to cri-o etc.
>>
>> CRI includes support for (namespaced) sysctl's:
>> https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.2
>>
>> In essence, the CRI spec would allow users to specify/control a specific
>> runtime for the container in a declarative way w/o modifying the (base)
>> container images.
> 
> Thanks a lot for your kind explanation!
> 
> After a quick look at the OCI spec, I saw the support for file based
> configuration (Including sysfs/procfs etc.). And unfortunately, no
> netlink support.
> 
> 
> Hi Karsten & Stefan:
> Back to the patch itself, do you think I need to add the control switch
> now? Or just leave the switch and fix other issues first?

Hi, looks like we need more time to evaluate possibilities, so if you have
additional topics on your desk, move on and delay this one.
Right now for me it looks like there is no way to use netlink for container runtime
configuration, which is a pity.
We continue our discussions about this in the team, and also here on the list.

Thank you!

