OpenVZ Forum: Devel » [PATCH 1/4] Virtualization/containers: introduction

Home » Mailing lists » Devel » [PATCH 1/4] Virtualization/containers: introduction

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: The issues for agreeing on a virtualization/namespaces implementation. [message #1412 is a reply to message #1403]

Wed, 08 February 2006 05:23

ebiederm
Messages: 1354
Registered: February 2006

Senior Member

Hubertus Franke <frankeh@watson.ibm.com> writes:

> Eric W. Biederman wrote:
>> I think I can boil the discussion down into some of the fundamental
>> questions that we are facing.
>>
> Man, bearly can keep up with this email load. Addressed some in
> previous thread, but will reiterate under this context.

:)

>> Currently everyone seems to agree that we need something like
>> my namespace concept that isolates multiple resources.
>> We need these for PIDS
>> UIDS
>> SYSVIPC
>> NETWORK
>> UTSNAME
>> FILESYSTEM
>> etc.
>> The questions seem to break down into:
>> 1) Where do we put the references to the different namespaces?
>> - Do we put the references in a struct container that we reference from struct
> task_struct?
>> - Do we put the references directly in struct task_struct?
>
> You "cache" task_struct->container->hotsubsys under task_struct->hotsubsys.
> We don't change containers other then at clone time, so no coherency issue here
> !!!!
> Which subsystems pointers to "cache", should be agreed by the experts,
> but first approach should always not to cache and go through the container.
>
>> 2) What is the syscall interface to create these namespaces?
>> - Do we add clone flags? (Plan 9 style)
>
> Like that approach .. flexible .. particular when one has well specified
> namespaces.
>
>> - Do we add a syscall (similar to setsid) per namespace?
>> (Traditional unix style)?
>
> Where does that approach end .. what's wrong with doing it at clone() time ?
> Mainly the naming issue. Just providing a flag does not give me name.

It really is a fairly even toss up. The usual argument for doing it
this way is that you will get a endless stream of arguments added to
fork+exec other wise. Look of posix_spawn or the windows version if
you want an example. Bits to clone are skirting the edge of a slippery
slope.

>> 3) How do we refer to namespaces and containers when we are not members?
>> - Do we refer to them indirectly by processes or other objects that
>> we can see and are members?
>> - Do we assign some kind of unique id to the containers?
>
> In containers I simply created an explicite name, which ofcourse colides with
> the
> clone() approach ..
> One possibility is to allow associating a name with a namespace.
> For instance
> int set_namespace_name( long flags, const char *name ) /* the once we are using
> in clone */
> {
> if (!flag)
> set name of container associated with current.
> if (flag())
> set the name if only one container is associated with the
> namespace(s)
> identified .. or some similar rule
> }
>

What I have done which seems easier than creating new names is to refer
to the process which has the namespace I want to manipulate.

>> 6) How do we do all of this efficiently without a noticeable impact on
>> performance?
>> - I have already heard concerns that I might be introducing cache
>> line bounces and thus increasing tasklist_lock hold time.
>> Which on big way systems can be a problem.
>
> Possible to split the lock up now.. one for each pidspace ?

At the moment it is worth thinking about. If the problem isn't
so bad that people aren't actively working on it we don't have to
solve the problem for a little while, just be aware of it.

>> 7) How do we allow a process inside a container to create containers
>> for it's children?
>> - In general this is trivial but there are a few ugly issues
>> here.
>
> Speaking of pids only here ...
> Does it matter, you just hang all those containers hang of init.
> What ever hierarchy they form is external ...

In general it is simple. For resource accounting, and for naming so
you can migrate a container with a nested container it is a question
you need to be slightly careful with.

Eric

Report message to a moderator

[Message index]

		[PATCH 1/4] Virtualization/containers: introduction By: Kirill Korotaev on Mon, 06 February 2006 21:55
		[PATCH 2/4] Virtualization/containers: CONFIG_CONTAINER By: Kirill Korotaev on Mon, 06 February 2006 22:10
		[PATCH 3/4] Virtualization/containers: UID hash By: Kirill Korotaev on Mon, 06 February 2006 22:15
		[PATCH 4/4] Virtualization/containers: uts name By: Kirill Korotaev on Mon, 06 February 2006 22:20
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Dave Hansen on Mon, 06 February 2006 23:00
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Tue, 07 February 2006 12:22
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 03:34
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Rik van Riel on Tue, 07 February 2006 03:40
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Tue, 07 February 2006 06:30
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Tue, 07 February 2006 11:49
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 14:31
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 15:42
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Tue, 07 February 2006 16:16
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 17:20
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Tue, 07 February 2006 22:43
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Tue, 07 February 2006 16:57
		Re: [PATCH 1/4] Virtualization/containers: introduction By: serue on Tue, 07 February 2006 20:19
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Tue, 07 February 2006 20:46
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 22:00
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Tue, 07 February 2006 22:19
		The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Tue, 07 February 2006 22:06
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Tue, 07 February 2006 23:35
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Alexey Kuznetsov on Wed, 08 February 2006 00:43
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 02:49
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 03:36
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 05:23
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Wed, 08 February 2006 14:40
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 17:46
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 22:28
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 15:17
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 18:03
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: dev on Mon, 20 February 2006 12:08
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Mon, 20 February 2006 12:40
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: dev on Mon, 20 February 2006 14:25
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Mon, 20 February 2006 15:16
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Andi Kleen on Mon, 20 February 2006 15:17
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 03:52
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Wed, 08 February 2006 04:37
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 04:46
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Wed, 08 February 2006 04:56
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 14:38
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Wed, 08 February 2006 14:51
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: dev on Wed, 08 February 2006 15:34
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Wed, 08 February 2006 15:57
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Herbert Poetzl on Wed, 08 February 2006 19:02
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Wed, 08 February 2006 16:48
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Hubertus Franke on Wed, 08 February 2006 18:31
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Dave Hansen on Wed, 08 February 2006 20:21
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: serue on Wed, 08 February 2006 21:22
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Thu, 09 February 2006 05:41
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: Kyle Moffett on Thu, 09 February 2006 04:45
		Re: The issues for agreeing on a virtualization/namespaces implementation. By: ebiederm on Thu, 09 February 2006 22:25
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Tue, 07 February 2006 22:58
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Tue, 07 February 2006 23:18
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Wed, 08 February 2006 05:03
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Wed, 08 February 2006 14:13
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Wed, 08 February 2006 15:42
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Wed, 08 February 2006 16:39
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Kevin Fox on Wed, 08 February 2006 02:08
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Wed, 08 February 2006 15:35
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Wed, 08 February 2006 17:16
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Dave Hansen on Wed, 08 February 2006 20:43
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Wed, 08 February 2006 21:04
		Re: [PATCH 1/4] Virtualization/containers: introduction By: dev on Tue, 07 February 2006 12:12
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 14:06
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Rik van Riel on Tue, 07 February 2006 14:52
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Tue, 07 February 2006 15:13
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Wed, 08 February 2006 01:16
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Paul Jackson on Wed, 08 February 2006 04:21
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Thu, 09 February 2006 00:24
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Jeff Dike on Thu, 09 February 2006 02:18
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Thu, 09 February 2006 03:16
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Hubertus Franke on Thu, 09 February 2006 16:38
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Jeff Dike on Thu, 09 February 2006 17:47
		Re: [PATCH 1/4] Virtualization/containers: introduction By: Sam Vilain on Thu, 09 February 2006 22:09
		Re: [PATCH 1/4] Virtualization/containers: introduction By: ebiederm on Thu, 09 February 2006 21:56

Previous Topic:	Versioning issue on vzquota-3.0.0-2
Next Topic:	[NET][IA64] Unaligned access in sk_run_filter

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sun Aug 03 00:47:51 GMT 2025

Total time taken to generate the page: 0.88851 seconds