Re: [PATCH 0/13] Pid namespaces (OpenVZ view) [message #13339 is a reply to message #13327]
Thu, 24 May 2007 19:18
ebiederm
Pavel Emelianov <xemul@openvz.org> writes:
> Eric W. Biederman wrote:
>> Pavel Emelianov <xemul@openvz.org> writes:
>>
>>> That's how OpenVZ sees the pid namespaces.
>>>
>>> The main idea is that kernel keeps operating with tasks pid
>>> as it did before, but each task obtains one more pid for each
>>> pid type - the virtual pid. When putting the pid to user or
>>> getting the pid from it kernel operates with the virtual ones.
>>
>> Just a quick reaction.
>>
>> - I would very much like to see a minimum of 3 levels of pids,
>
> Why not 4? From my part, I would like to know, why such nesting
> is important. We have plain IPC namespaces and nobody cares.
> We will have isolated network namespaces, why pids are exception?

4+ is fine, and something we will probably care about someday.
3 seems to be the minimum necessary to get people thinking about
adding more so we don't have arbitrary special cases, especially
in the user interface. At 3 the things are simple enough we don't
have to allocate additional data structures etc.

If we don't need nesting we don't even need 2 levels, and we
can remove the global pid. But we have had that conversation
and especially for the current OpenVZ usage we need nesting.

Having more than two layers means we are prepared to use pid namespaces more
generally. It really isn't that much harder.

>> being supported. Otherwise it is easy to overlook some of the
>> cases that are required to properly support nesting, which long
>> term seems important.
>>
>> - Semantically fork is easier than unshare. Unshare can mean
>
> This is not. When you fork, the kid shares the session and the
> group with its parent, but moving these pids to new ns is bad - the
> parent will happen to be half-moved. Thus you need to break the
> session and the group in fork(), but this is extra complexity.

Nope. You will just need to have the child call setsid() if
you don't want to share the session and the group.

You can perfectly well share the sid and group with the parent,
because internal to the kernel pids aren't numeric, they are struct
pid pointers.

There is the question of do you use foreign pid handling to display
the session and the group, or do you allocate pids for the session
and the group in the new pid namespace. At this point foreign pid
handling looks sufficient.

>> a lot of things, and it is easy to pick a meaning that has weird
>> side effects. Your implementation has a serious problem in that you
>> change the value of getpid() at runtime. Glibc does not know how to
>> cope with the value of getpid() changing.
>
> This pid changing happens only once per task lifetime.

Unshare isn't once per task lifetime, unless you added some extra
constraints.

> Though I haven't
> seen any problems with glibc for many years running OpenVZ and I think,
> that if glibc will want to cache this getpid() value we can teach it to
> uncache this value in case someone called unshare() with CLONE_NEWPIDS.

glibc very much caches the results of getpid().

If you want to teach glibc not to cache getpid() feel free. The only
way I know to get glibc to invalidate its pid cache is to call fork.

Eric
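
The fork()/setsid() behaviour discussed in the message above, as an added example that is not part of the original post: a forked child inherits its parent's session and process group, and detaches from both only when it calls setsid(). The names `fork_and_setsid` and `struct child_view` are assumptions made for this illustration, and the code uses plain fork() with no pid namespace involved.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the child observed about itself, sent back over a pipe. */
struct child_view {
    pid_t pid;                      /* child's own pid */
    pid_t sid_before, pgid_before;  /* inherited across fork() */
    pid_t sid_after, pgid_after;    /* after the child calls setsid() */
};

/* Fork a child, have it call setsid(), collect its view. 0 on success. */
int fork_and_setsid(struct child_view *out)
{
    int fds[2], status;
    if (pipe(fds) < 0)
        return -1;
    pid_t child = fork();
    if (child < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (child == 0) {
        struct child_view v;
        v.pid = getpid();
        v.sid_before = getsid(0);
        v.pgid_before = getpgrp();
        /* A freshly forked child is not a group leader, so this succeeds. */
        if (setsid() < 0)
            _exit(1);
        v.sid_after = getsid(0);
        v.pgid_after = getpgrp();
        _exit(write(fds[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], out, sizeof *out);
    close(fds[0]);
    if (waitpid(child, &status, 0) < 0 || n != (ssize_t)sizeof *out)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    struct child_view v;
    if (fork_and_setsid(&v) != 0)
        return 1;
    printf("child %d: sid %d -> %d, pgid %d -> %d\n", (int)v.pid, (int)v.sid_before,
           (int)v.sid_after, (int)v.pgid_before, (int)v.pgid_after);
    return 0;
}
```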