OpenVZ Forum: Devel » [RFC][PATCH] VPIDs: Virtualization of PIDs (OpenVZ approach)

Home » Mailing lists » Devel » [RFC][PATCH] VPIDs: Virtualization of PIDs (OpenVZ approach)

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case [message #1242 is a reply to message #1224]

Fri, 03 February 2006 17:05

Cedric Le Goater
Messages: 443
Registered: February 2006

Senior Member

Alexey Kuznetsov wrote:

> Frankly speaking, using pair (container, pid) was the first thing, which
> we did (year ago), so that from viewpoint of core the switch
> is not a big deal. :-) However, it was rejected by several reasons:
>
> 1. Replacing all the references to pid with pair (container, pid) is quite
> expensive. F.e. it is possible that a task has a pid from one container,
> but it is in process group and/or session of another container,
> and its controlling terminal owner by another container. Grr..

If that happens, it also means your container is not fully isolated which
is also a challenge for the vpid approach when you try to migrate. nop ?

If i take your example with the external process group, what would happen
if the process group leader dies and then you try to migrate that container
? How would you restore the processes in your container that are refering a
dead external process group leader ?

Everything is possible but "loose" isolation on pid raises a lot of issues
on vpids at restart. I would stick to a real strict isolation and forbid
such cases. And, in that case, it's much easier to use the pair approach
(container, pid).

We've been living with the vpid approach also for years and we found issues
that we haven't solve at restart. So we think we might do a better job with
another. But, this still needs to be confirmed :)

> So, the structures are bloated, the functions get additional arguments.
> And all this is for no real purpose, the functionality comparing with
> VPID is even reduced.

i don't see much changes, when you query a task by pid, you only look in
your *current* container pidspace.

some areas in the kernel use directily pids, true. Eric Biederman really
knows well his job on this topic. Many thanks. But, that could be fixed.

> 2. It is very inconvenient not to see processes inside VPS from host system.
> To do ps, strace, gdb etc. we have to move inside VPS. With VPID approach I can
> gdb even "init" process of VPS in a way invisible to VPS, see?

that's another container model issue again. your init process of a VPS
could be the real init. why do you need a fake one ? just trying to
understand all the issues you had to solve and I'm sure they are valid.

> Well, and main problem is that gui administration and monotoring tools,
> which were existing for ages stop to work and require a major rewrite.
> Does it answer to question about plans for moving away?
>
> To summarize: (container, pid) approach looks clean and consistent.
> At first sight I loved it, even thought it will solve some of problems
> with inter-container access control. But the devil is in details,
> I have to learn this again and again: access control must be separate
> of real engine, otherwise you get something which does not satisfy anyone.

hmm, I'm not completely satisfied :) but we'll work this out, we'll find a
way to agree on something.

C.

Report message to a moderator

[Message index]

		[RFC][PATCH] VPIDs: Virtualization of PIDs (OpenVZ approach) By: Kirill Korotaev on Thu, 02 February 2006 15:54
		[RFC][PATCH 1/7] VPIDs: add VPID config option By: dev on Thu, 02 February 2006 16:16
		[RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: dev on Thu, 02 February 2006 16:21
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: ebiederm on Wed, 08 February 2006 20:29
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: Alexey Kuznetsov on Wed, 08 February 2006 23:53
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: ebiederm on Thu, 09 February 2006 00:37
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: Alexey Kuznetsov on Thu, 09 February 2006 01:11
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: ebiederm on Thu, 09 February 2006 01:36
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: serue on Thu, 09 February 2006 02:51
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: Alexey Kuznetsov on Thu, 09 February 2006 09:55
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: ebiederm on Thu, 09 February 2006 19:22
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: dev on Mon, 20 February 2006 14:55
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: Herbert Poetzl on Mon, 20 February 2006 16:56
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: dev on Tue, 21 February 2006 16:17
		Re: [RFC][PATCH 2/7] VPIDs: pid/vpid conversions By: Herbert Poetzl on Tue, 21 February 2006 23:17
		[RFC][PATCH 3/7] VPIDs: fork modifications By: dev on Thu, 02 February 2006 16:24
		Re: [RFC][PATCH 3/7] VPIDs: fork modifications By: Cedric Le Goater on Thu, 02 February 2006 20:08
		[RFC][PATCH 4/7] VPIDs: vpid macros in non-VPID case By: Kirill Korotaev on Thu, 02 February 2006 16:26
		[RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Kirill Korotaev on Thu, 02 February 2006 16:30
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Dave Hansen on Thu, 02 February 2006 17:05
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: serue on Thu, 02 February 2006 19:29
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Alexey Kuznetsov on Fri, 03 February 2006 10:52
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Cedric Le Goater on Fri, 03 February 2006 12:48
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Alexey Kuznetsov on Fri, 03 February 2006 14:02
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Dave Hansen on Fri, 03 February 2006 16:25
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Alexey Kuznetsov on Mon, 06 February 2006 11:24
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Cedric Le Goater on Fri, 03 February 2006 17:05
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Alexey Kuznetsov on Mon, 06 February 2006 09:48
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: serue on Mon, 06 February 2006 14:51
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Alexey Kuznetsov on Mon, 06 February 2006 15:51
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: serue on Mon, 06 February 2006 16:24
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Cedric Le Goater on Tue, 07 February 2006 09:46
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: dev on Tue, 07 February 2006 11:42
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Cedric Le Goater on Tue, 07 February 2006 12:59
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Cedric Le Goater on Tue, 07 February 2006 09:15
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: dev on Fri, 03 February 2006 14:03
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Cedric Le Goater on Fri, 03 February 2006 15:40
		Re: [RFC][PATCH 5/7] VPIDs: vpid/pid conversion in VPID enabled case By: Kirill Korotaev on Fri, 03 February 2006 16:26
		[RFC][PATCH 6/7] VPIDs: small proc VPID export By: Kirill Korotaev on Thu, 02 February 2006 16:31
		[RFC][PATCH 7/7] VPIDs: required VPS interface for VPIDs By: Kirill Korotaev on Thu, 02 February 2006 16:32
		Re: [RFC][PATCH] VPIDs: Virtualization of PIDs (OpenVZ approach) By: Herbert Poetzl on Fri, 03 February 2006 03:01
		Re: [RFC][PATCH] VPIDs: Virtualization of PIDs (OpenVZ approach) By: Kirill Korotaev on Fri, 03 February 2006 10:30
		Re: [RFC][PATCH] VPIDs: Virtualization of PIDs (OpenVZ approach) By: Alexey Kuznetsov on Fri, 03 February 2006 12:45

Previous Topic:	vzmemcheck displays wrong values?
Next Topic:	openvz + ipv6

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Aug 30 17:10:51 GMT 2025

Total time taken to generate the page: 0.08241 seconds