OpenVZ Forum: Devel » [PATCH 1/4] Virtualization/containers: introduction

Home » Mailing lists » Devel » [PATCH 1/4] Virtualization/containers: introduction

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: The issues for agreeing on a virtualization/namespaces implementation. [message #1473 is a reply to message #1396]

Thu, 09 February 2006 04:45

Kyle Moffett
Messages: 4
Registered: February 2006

Junior Member

On Feb 07, 2006, at 17:06, Eric W. Biederman wrote:
> I think I can boil the discussion down into some of the fundamental
> questions that we are facing.
>
> Currently everyone seems to agree that we need something like my
> namespace concept that isolates multiple resources.
>
> We need these for
> UIDS
> FILESYSTEM

I have one suggestion for this (it also covers capabilities to a
certain extent). Could we use the kernel credentials system to
abstract away the concept of a single UID/GID? We currently have
uid, euid, gid, egid, groups, fsid. I'm thinking that there would be
virtualized UID tables to determine ownership of processes/SHM/etc.

Each process would have a (uid_container,uid) pair (or similar) as
its "uid" and likewise for gid. Then the ability to send signals to
any given (uid_container,uid) or (gid_container,gid) pair would be
given by keys in the kernel keyring indexed by the "uid_container"
part and containing the "uid" part (or maybe just a pointer).

Likewise the filesystem access could be virtualized by using uid and
gid keys in the kernel keyring indexed by vfsmount (Not superblock,
so that it would be possible to have different UID representations on
different mounts/parts of the same filesystem).

I'm guessing that the performance implications of the above would not
be quite so nice, as it would put a lot of code in the fastpath, but
I would guess that it might be possible to use the existing fields
for processes without any virtualization needs.

Cheers,
Kyle Moffett

--
There is no way to make Linux robust with unreliable memory
subsystems, sorry. It would be like trying to make a human more
robust with an unreliable O2 supply. Memory just has to work.
-- Andi Kleen

Report message to a moderator

[Message index]

		[PATCH 1/4] Virtualization/containers: introduction By: Kirill Korotaev on Mon, 06 February 2006 21:55
		[PATCH 2/4] Virtualization/containers: CONFIG_CONTAINER By: Kirill Korotaev on Mon, 06 February 2006 22:10
		[PATCH 3/4] Virtualization/containers: UID hash By: Kirill Korotaev on Mon, 06 February 2006 22:15
		[PATCH 4/4] Virtualization/containers: uts name By: Kirill Korotaev on Mon, 06 February 2006 22:20
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Dave Hansen on Mon, 06 February 2006 23:00
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Tue, 07 February 2006 12:22
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 03:34
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Rik van Riel on Tue, 07 February 2006 03:40
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Tue, 07 February 2006 06:30
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Tue, 07 February 2006 11:49
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 14:31
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 15:42
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Tue, 07 February 2006 16:16
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 17:20
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Tue, 07 February 2006 22:43
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Tue, 07 February 2006 16:57
		Re: [PATCH 1/4] Virtualization/containers: introduction By: serue on Tue, 07 February 2006 20:19
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Tue, 07 February 2006 20:46
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 22:00
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Tue, 07 February 2006 22:19
		The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Tue, 07 February 2006 22:06
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Tue, 07 February 2006 23:35
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Alexey Kuznetsov on Wed, 08 February 2006 00:43
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 02:49
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 03:36
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 05:23
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Wed, 08 February 2006 14:40
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 17:46
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 22:28
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 15:17
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 18:03
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: dev on Mon, 20 February 2006 12:08
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Mon, 20 February 2006 12:40
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: dev on Mon, 20 February 2006 14:25
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Mon, 20 February 2006 15:16
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Andi Kleen on Mon, 20 February 2006 15:17
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 03:52
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Wed, 08 February 2006 04:37
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 04:46
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Wed, 08 February 2006 04:56
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 14:38
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Wed, 08 February 2006 14:51
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: dev on Wed, 08 February 2006 15:34
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Wed, 08 February 2006 15:57
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Wed, 08 February 2006 19:02
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 16:48
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Wed, 08 February 2006 18:31
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Dave Hansen on Wed, 08 February 2006 20:21
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 21:22
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Thu, 09 February 2006 05:41
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Kyle Moffett on Thu, 09 February 2006 04:45
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Thu, 09 February 2006 22:25
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Tue, 07 February 2006 22:58
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Tue, 07 February 2006 23:18
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Wed, 08 February 2006 05:03
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Wed, 08 February 2006 14:13
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Wed, 08 February 2006 15:42
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Wed, 08 February 2006 16:39
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Kevin Fox on Wed, 08 February 2006 02:08
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Wed, 08 February 2006 15:35
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Wed, 08 February 2006 17:16
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Dave Hansen on Wed, 08 February 2006 20:43
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Wed, 08 February 2006 21:04
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Tue, 07 February 2006 12:12
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 14:06
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Rik van Riel on Tue, 07 February 2006 14:52
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 15:13
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Wed, 08 February 2006 01:16
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Paul Jackson on Wed, 08 February 2006 04:21
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Thu, 09 February 2006 00:24
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Jeff Dike on Thu, 09 February 2006 02:18
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Thu, 09 February 2006 03:16
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Thu, 09 February 2006 16:38
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Jeff Dike on Thu, 09 February 2006 17:47
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Thu, 09 February 2006 22:09
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Thu, 09 February 2006 21:56

Previous Topic:	Versioning issue on vzquota-3.0.0-2
Next Topic:	[NET][IA64] Unaligned access in sk_run_filter

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Thu Oct 09 23:31:27 GMT 2025

Total time taken to generate the page: 0.12219 seconds