Home » Mailing lists » Devel » [PATCH 0/13] Pid namespaces (OpenVZ view)
| Re: [PATCH 0/13] Pid namespaces (OpenVZ view) [message #13535 is a reply to message #13350] |
Tue, 29 May 2007 13:07   |
ebiederm
Messages: 1354
Registered: February 2006
|
Senior Member |
|
|
Hmm. I seem to have forgotten to send this one.
Pavel Emelianov <xemul@openvz.org> writes:
> Eric W. Biederman wrote:
> Generic structures are not always needed. Say, why don't we
> have N-level page tables in kernel? Why not make them generic?
> What if some ia128 architecture will require 7-level tables!?
PID namespaces unlike the other namespaces are fundamentally nested.
Which is an unfortunate pain. But if you want to allow nesting
of containers of different types such as system containers and
application containers you need nested PID namespaces.
>> Having more then two layers means we are prepared to use pid namespaces more
>> generally. It really isn't that much harder.
>
> It is not, but do we need to spend so much time on solving
> not relevant problems?
It is relevant to some of us. Therefore it is a relevant problem.
>>>> - Semantically fork is easier then unshare. Unshare can mean
>>> This is not. When you fork, the kid shares the session and the
>>> group with its parent, but moving this pids to new ns is bad - the
>>> parent will happen to be half-moved. Thus you need to break the
>>> session and the group in fork(), but this is extra complexity.
>>
>> Nope. You will just need to have the child call setsid() if
>> you don't want to share the session and the group.
>
> Of course, but setsid() must be done *before* creating a new
> namespace, Otherwise you will have a half-inserted into new
> namespace task. This sounds awful.
We can experience weird interactions, but not really worse then the
sending a signal from outside the namespace. So we may want to
map the pids of the session and the pgrp into the new namespace but
functionally it's not really a big deal, and we can call setsid
after the fork.
>>>> a lot of things, and it is easy to pick a meaning that has weird
>>>> side effects. Your implementation has a serious problem in that you
>>>> change the value of getpid() at runtime. Glibc does not know how to
>>>> cope with the value of getpid() changing.
>>> This pid changing happens only once per task lifetime.
>>
>> Unshare isn't once per task lifetime, unless you added some extra
>> constraints.
>
> It is once. You create a new namespace and that's all.
What prevents you from calling unshare multiple times?
>>> Though I haven't
>>> seen any problems with glibc for many years running OpenVZ and I think,
>>> that if glibc will want to cache this getpid() value we can teach it to
>>> uncache this value in case someone called unshare() with CLONE_NEWPIDS.
>>
>> glibc very much caches the results of getpid().
>
> Can you prove it? We have run OpenVZ for many years and with many
> userspace configurations and we haven't seen the problems with
> glibc ever.
Yes. I did a migration prototype in user space. Migrated a process
to a new pid, but getpid returned the pid before migration. So I
investigated why, including reading the glibc code. glibc cache the
pid value. Once the value is cached only a fork invalidates the
cache.
From: nptl/sysdeps/unix/sysv/linux/getpid.c
pid_t
__getpid (void)
{
pid_t result = THREAD_GETMEM (THREAD_SELF, pid);
if (__builtin_expect (result <= 0, 0))
result = really_getpid (result);
return result;
}
THREAD_GETMEM is a memory read.
really_getpid is the syscall.
Eric
|
|
|
|
 |
|
[PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
[PATCH 1/13] Round up the API
|
|
|
Re: [PATCH 1/13] Round up the API
By: serue on Thu, 24 May 2007 16:09 |
|
|
Re: [PATCH 1/13] Round up the API
|
|
|
Re: [PATCH 1/13] Round up the API
|
|
|
Re: [PATCH 1/13] Round up the API
By: serue on Thu, 24 May 2007 16:48 |
|
|
Re: [PATCH 1/13] Round up the API
|
|
|
Re: [PATCH 1/13] Round up the API
By: serue on Fri, 25 May 2007 13:02 |
|
|
[PATCH 2/13] Small preparations for namespaces
|
|
|
Re: [PATCH 2/13] Small preparations for namespaces
By: serue on Thu, 24 May 2007 16:08 |
|
|
Re: [PATCH 2/13] Small preparations for namespaces
|
|
|
Re: [PATCH 2/13] Small preparations for namespaces
By: serue on Fri, 25 May 2007 13:01 |
|
|
Re: [PATCH 2/13] Small preparations for namespaces
|
|
|
Re: [PATCH 2/13] Small preparations for namespaces
By: serue on Fri, 25 May 2007 13:55 |
|
|
[PATCH 3/13] Introduciton of config option and clone flag
|
|
|
Re: [PATCH 3/13] Introduciton of config option and clone flag
|
|
|
[PATCH 4/13] Introduce the vpid fields and helpers for getting them
|
|
|
[PATCH 5/13] Expand the pid/task seeking functions set
|
|
|
Re: [PATCH 5/13] Expand the pid/task seeking functions set
|
|
|
Re: [PATCH 5/13] Expand the pid/task seeking functions set
|
|
|
Re: [PATCH 5/13] Expand the pid/task seeking functions set
|
|
|
[PATCH 6/13] Pid allocation/freeing procedures
|
|
|
[PATCH 7/13] Set virtual pids for a newly cloned task
|
|
|
[PATCH 8/13] The namespace cloning
|
|
|
[PATCH 9/13] Make proc be able to have multiple super blocks
|
|
|
[PATCH 10/13] Make proc draw pids from appropriate namespace
|
|
|
[PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
By: xemul on Thu, 24 May 2007 16:15 |
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
Re: [PATCH 11/13] Changes to show virtual ids to user
|
|
|
[PATCH 12/13] Show appropriate pids in proc
|
|
|
[PATCH 13/13] Make all proc entres accessible in a namespace
|
|
|
Instructions of how to make testing easy
|
|
|
Re: Instructions of how to make testing easy
|
|
|
Re: Instructions of how to make testing easy
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
By: serue on Thu, 24 May 2007 15:09 |
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
By: xemul on Thu, 24 May 2007 16:11 |
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
By: serue on Thu, 24 May 2007 16:59 |
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
By: serue on Thu, 24 May 2007 19:10 |
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
By: serue on Fri, 25 May 2007 13:25 |
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
By: serue on Fri, 25 May 2007 14:25 |
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
By: serue on Thu, 24 May 2007 16:20 |
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
By: serue on Fri, 25 May 2007 13:29 |
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
By: dev on Mon, 28 May 2007 11:50 |
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
|
|
Re: [PATCH 0/13] Pid namespaces (OpenVZ view)
|
Goto Forum:
Current Time: Fri Aug 01 22:34:17 GMT 2025
Total time taken to generate the page: 1.00363 seconds
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
