Home » Mailing lists » Devel » Playing with namespaces and bloat-o-meeter
| Playing with namespaces and bloat-o-meeter [message #20802] |
Wed, 26 September 2007 12:37  |
Pavel Emelianov
Messages: 1149
Registered: September 2006
|
Senior Member |
|
|
Hi, guys!
I've noticed that compiling out all the core related to
cloning and cleaning the new namespace saves us more than
a Kbyte (!) from the vmlinux.
add/remove: 19/0 grow/shrink: 6/6 up/down: 1532/-336 (1196)
function old new delta
copy_user_ns - 181 +181
copy_ipcs - 149 +149
copy_utsname - 120 +120
shm_exit_ns - 106 +106
sem_exit_ns - 106 +106
msg_exit_ns - 106 +106
freeary - 100 +100
release_uids - 95 +95
freeque - 92 +92
free_nsproxy 48 99 +51
__sem_init_ns - 45 +45
shm_init_ns - 42 +42
sem_init_ns - 42 +42
msg_init_ns - 42 +42
__shm_init_ns - 38 +38
create_new_namespaces 300 335 +35
__msg_init_ns - 31 +31
sysvipc_proc_release 5 35 +30
free_ipc_ns - 30 +30
do_shm_rmid - 29 +29
shm_release 18 39 +21
free_user_ns - 16 +16
sysvipc_proc_open 100 111 +11
do_shmat 778 787 +9
free_uts_ns - 5 +5
sys_shmctl 1934 1907 -27
msg_init 82 47 -35
shm_init 92 47 -45
sem_init 99 44 -55
sys_msgctl 1394 1311 -83
sys_semctl 2123 2032 -91
Since there already were some questions like "do I need it
on my cellphone?" in reply to pid namespaces patches and
so on, why don't we make ALL the namespaces cloning code
under the config option to make those people happy?
Here's the proposed patch.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
---
diff --git a/include/linux/ipc.h b/include/linux/ipc.h
index 96988d1..b882610 100644
--- a/include/linux/ipc.h
+++ b/include/linux/ipc.h
@@ -100,56 +100,6 @@ struct kern_ipc_perm
void *security;
};
-struct ipc_ids;
-struct ipc_namespace {
- struct kref kref;
- struct ipc_ids *ids[3];
-
- int sem_ctls[4];
- int used_sems;
-
- int msg_ctlmax;
- int msg_ctlmnb;
- int msg_ctlmni;
-
- size_t shm_ctlmax;
- size_t shm_ctlall;
- int shm_ctlmni;
- int shm_tot;
-};
-
-extern struct ipc_namespace init_ipc_ns;
-
-#ifdef CONFIG_SYSVIPC
-#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
-extern void free_ipc_ns(struct kref *kref);
-extern struct ipc_namespace *copy_ipcs(unsigned long flags,
- struct ipc_namespace *ns);
-#else
-#define INIT_IPC_NS(ns)
-static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
- struct ipc_namespace *ns)
-{
- return ns;
-}
-#endif
-
-static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
-{
-#ifdef CONFIG_SYSVIPC
- if (ns)
- kref_get(&ns->kref);
-#endif
- return ns;
-}
-
-static inline void put_ipc_ns(struct ipc_namespace *ns)
-{
-#ifdef CONFIG_SYSVIPC
- kref_put(&ns->kref, free_ipc_ns);
-#endif
-}
-
#endif /* __KERNEL__ */
#endif /* _LINUX_IPC_H */
diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
new file mode 100644
index 0000000..89f51f8
--- /dev/null
+++ b/include/linux/ipc_namespace.h
@@ -0,0 +1,67 @@
+#ifndef __IPC_NAMESPACE_H__
+#define __IPC_NAMESPACE_H__
+
+#include <linux/err.h>
+
+struct ipc_ids;
+struct ipc_namespace {
+ struct kref kref;
+ struct ipc_ids *ids[3];
+
+ int sem_ctls[4];
+ int used_sems;
+
+ int msg_ctlmax;
+ int msg_ctlmnb;
+ int msg_ctlmni;
+
+ size_t shm_ctlmax;
+ size_t shm_ctlall;
+ int shm_ctlmni;
+ int shm_tot;
+};
+
+extern struct ipc_namespace init_ipc_ns;
+
+#ifdef CONFIG_SYSVIPC
+#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
+#else
+#define INIT_IPC_NS(ns)
+#endif
+
+#ifdef CONFIG_NS_IPC
+extern void free_ipc_ns(struct kref *kref);
+extern struct ipc_namespace *copy_ipcs(unsigned long flags,
+ struct ipc_namespace *ns);
+
+static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
+{
+ if (ns)
+ kref_get(&ns->kref);
+ return ns;
+}
+
+static inline void put_ipc_ns(struct ipc_namespace *ns)
+{
+ kref_put(&ns->kref, free_ipc_ns);
+}
+#else
+static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
+ struct ipc_namespace *ns)
+{
+ if (flags & CLONE_NEWIPC)
+ return ERR_PTR(-EINVAL);
+
+ return ns;
+}
+
+static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
+{
+ return ns;
+}
+
+static inline void put_ipc_ns(struct ipc_namespace *ns)
+{
+}
+#endif
+#endif
diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
diff --git a/include/linux/pid.h b/include/linux/pid.h
index 4817c66..ac1b47f 100644
--- a/include/linux/pid.h
+++ b/include/linux/pid.h
@@ -122,7 +122,6 @@ extern struct pid *find_ge_pid(int nr, s
extern struct pid *alloc_pid(struct pid_namespace *ns);
extern void FASTCALL(free_pid(struct pid *pid));
-extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
/*
* the helpers to get the pid's id seen from different namespaces
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
index 0135c76..1f5f915 100644
--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
@@ -6,6 +6,7 @@
#include <linux/threads.h>
#include <linux/nsproxy.h>
#include <linux/kref.h>
+#include <linux/err.h>
struct pidmap {
atomic_t nr_free;
@@ -29,6 +30,7 @@ struct pid_namespace {
extern struct pid_namespace init_pid_ns;
+#ifdef CONFIG_NS_PID
static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
{
if (ns != &init_pid_ns)
@@ -38,12 +40,37 @@ static inline struct pid_namespace *get_
extern struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *ns);
extern void free_pid_ns(struct kref *kref);
+extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
static inline void put_pid_ns(struct pid_namespace *ns)
{
if (ns != &init_pid_ns)
kref_put(&ns->kref, free_pid_ns);
}
+#else
+static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
+{
+ return ns;
+}
+
+static inline void put_pid_ns(struct pid_namespace *ns)
+{
+}
+
+static inline struct pid_namespace *copy_pid_ns(unsigned long flags,
+ struct pid_namespace *ns)
+{
+ if (flags & CLONE_NEWPID)
+ return ERR_PTR(-EINVAL);
+
+ return ns;
+}
+
+static inline void zap_pid_ns_processes(struct pid_namespace *ns)
+{
+ BUG();
+}
+#endif
static inline struct pid_namespace *task_active_pid_ns(struct task_struct *tsk)
{
diff --git a/include/linux/sched.h b/include/linux/sched.h
diff --git a/include/linux/sem.h b/include/linux/sem.h
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index b5f41d4..d73080c 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -17,7 +17,7 @@ struct user_namespace {
extern struct user_namespace init_user_ns;
-#ifdef CONFIG_USER_NS
+#ifdef CONFIG_NS_UID
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
diff --git a/include/linux/utsname.h b/include/linux/utsname.h
index 923db99..cea08a9 100644
--- a/include/linux/utsname.h
+++ b/include/linux/utsname.h
@@ -35,6 +35,7 @@ struct new_utsname {
#include <linux/sched.h>
#include <linux/kref.h>
#include <linux/nsproxy.h>
+#include <linux/err.h>
#include <asm/atomic.h>
struct uts_namespace {
@@ -43,6 +44,7 @@ struct uts_namespace {
};
extern struct uts_namespace init_uts_ns;
+#ifdef CONFIG_NS_UTS
static inline void get_uts_ns(struct uts_namespace *ns)
{
kref_get(&ns->kref);
@@ -56,6 +58,25 @@ static inline void put_uts_ns(struct uts
{
kref_put(&ns->kref, free_uts_ns);
}
+#else
+static inline void get_uts_ns(struct uts_namespace *ns)
+{
+}
+
+static inline void put_uts_ns(struct uts_namespace *ns)
+{
+}
+
+static inline struct uts_namespace *copy_utsname(unsigned long flags,
+ struct uts_namespace *ns)
+{
+ if (flags & CLONE_NEWUTS)
+ return ERR_PTR(-EINVAL);
+
+ return ns;
+}
+#endif
+
static inline struct new_utsname *utsname(void)
{
return ¤t->nsproxy->uts_ns->name;
diff --git a/init/Kconfig b/init/Kconfig
index 684ccfb..ccb1575 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -206,15 +206,6 @@ config TASK_IO_ACCOUNTING
Say N if unsure.
-config USER_NS
- bool "User Namespaces (EXPERIMENTAL)"
- default n
- depends on EXPERIMENTAL
- help
- Support user namespaces. This allows containers, i.e.
- vservers, to use user namespaces to provide different
- user info for different servers. If unsure, say N.
-
config AUDIT
bool "Auditing support"
depends on NET
@@ -369,6 +360,39 @@ config RELAY
If unsure, say N.
+config NAMESPACES
+ bool "The namespaces support"
+ help
+ Provides the way to make tasks work with different objects using
+ the same id
+
+config NS_UTS
+ bool "Uname namespace"
+ depends on NAMESPACES
+ help
+ The utsname namespace
+
+config NS_IPC
+ bool "IPC namespace"
+ depends on NAMESPACES && SYSVIPC
+ help
+ The SYSVIPC ids namespaces
...
|
|
|
|
| Re: Playing with namespaces and bloat-o-meeter [message #20805 is a reply to message #20802] |
Wed, 26 September 2007 13:13  |
serue
Messages: 750
Registered: February 2006
|
Senior Member |
|
|
Quoting Pavel Emelyanov (xemul@openvz.org):
> Hi, guys!
>
> I've noticed that compiling out all the core related to
> cloning and cleaning the new namespace saves us more than
> a Kbyte (!) from the vmlinux.
>
> add/remove: 19/0 grow/shrink: 6/6 up/down: 1532/-336 (1196)
> function old new delta
> copy_user_ns - 181 +181
> copy_ipcs - 149 +149
> copy_utsname - 120 +120
> shm_exit_ns - 106 +106
> sem_exit_ns - 106 +106
> msg_exit_ns - 106 +106
> freeary - 100 +100
> release_uids - 95 +95
> freeque - 92 +92
> free_nsproxy 48 99 +51
> __sem_init_ns - 45 +45
> shm_init_ns - 42 +42
> sem_init_ns - 42 +42
> msg_init_ns - 42 +42
> __shm_init_ns - 38 +38
> create_new_namespaces 300 335 +35
> __msg_init_ns - 31 +31
> sysvipc_proc_release 5 35 +30
> free_ipc_ns - 30 +30
> do_shm_rmid - 29 +29
> shm_release 18 39 +21
> free_user_ns - 16 +16
> sysvipc_proc_open 100 111 +11
> do_shmat 778 787 +9
> free_uts_ns - 5 +5
> sys_shmctl 1934 1907 -27
> msg_init 82 47 -35
> shm_init 92 47 -45
> sem_init 99 44 -55
> sys_msgctl 1394 1311 -83
> sys_semctl 2123 2032 -91
>
> Since there already were some questions like "do I need it
> on my cellphone?" in reply to pid namespaces patches and
> so on, why don't we make ALL the namespaces cloning code
> under the config option to make those people happy?
>
> Here's the proposed patch.
How about a single config variable for all namespaces?
-serge
> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
>
> ---
>
> diff --git a/include/linux/ipc.h b/include/linux/ipc.h
> index 96988d1..b882610 100644
> --- a/include/linux/ipc.h
> +++ b/include/linux/ipc.h
> @@ -100,56 +100,6 @@ struct kern_ipc_perm
> void *security;
> };
>
> -struct ipc_ids;
> -struct ipc_namespace {
> - struct kref kref;
> - struct ipc_ids *ids[3];
> -
> - int sem_ctls[4];
> - int used_sems;
> -
> - int msg_ctlmax;
> - int msg_ctlmnb;
> - int msg_ctlmni;
> -
> - size_t shm_ctlmax;
> - size_t shm_ctlall;
> - int shm_ctlmni;
> - int shm_tot;
> -};
> -
> -extern struct ipc_namespace init_ipc_ns;
> -
> -#ifdef CONFIG_SYSVIPC
> -#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
> -extern void free_ipc_ns(struct kref *kref);
> -extern struct ipc_namespace *copy_ipcs(unsigned long flags,
> - struct ipc_namespace *ns);
> -#else
> -#define INIT_IPC_NS(ns)
> -static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
> - struct ipc_namespace *ns)
> -{
> - return ns;
> -}
> -#endif
> -
> -static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
> -{
> -#ifdef CONFIG_SYSVIPC
> - if (ns)
> - kref_get(&ns->kref);
> -#endif
> - return ns;
> -}
> -
> -static inline void put_ipc_ns(struct ipc_namespace *ns)
> -{
> -#ifdef CONFIG_SYSVIPC
> - kref_put(&ns->kref, free_ipc_ns);
> -#endif
> -}
> -
> #endif /* __KERNEL__ */
>
> #endif /* _LINUX_IPC_H */
> diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
> new file mode 100644
> index 0000000..89f51f8
> --- /dev/null
> +++ b/include/linux/ipc_namespace.h
> @@ -0,0 +1,67 @@
> +#ifndef __IPC_NAMESPACE_H__
> +#define __IPC_NAMESPACE_H__
> +
> +#include <linux/err.h>
> +
> +struct ipc_ids;
> +struct ipc_namespace {
> + struct kref kref;
> + struct ipc_ids *ids[3];
> +
> + int sem_ctls[4];
> + int used_sems;
> +
> + int msg_ctlmax;
> + int msg_ctlmnb;
> + int msg_ctlmni;
> +
> + size_t shm_ctlmax;
> + size_t shm_ctlall;
> + int shm_ctlmni;
> + int shm_tot;
> +};
> +
> +extern struct ipc_namespace init_ipc_ns;
> +
> +#ifdef CONFIG_SYSVIPC
> +#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
> +#else
> +#define INIT_IPC_NS(ns)
> +#endif
> +
> +#ifdef CONFIG_NS_IPC
> +extern void free_ipc_ns(struct kref *kref);
> +extern struct ipc_namespace *copy_ipcs(unsigned long flags,
> + struct ipc_namespace *ns);
> +
> +static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
> +{
> + if (ns)
> + kref_get(&ns->kref);
> + return ns;
> +}
> +
> +static inline void put_ipc_ns(struct ipc_namespace *ns)
> +{
> + kref_put(&ns->kref, free_ipc_ns);
> +}
> +#else
> +static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
> + struct ipc_namespace *ns)
> +{
> + if (flags & CLONE_NEWIPC)
> + return ERR_PTR(-EINVAL);
> +
> + return ns;
> +}
> +
> +static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
> +{
> + return ns;
> +}
> +
> +static inline void put_ipc_ns(struct ipc_namespace *ns)
> +{
> +}
> +#endif
> +#endif
> diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
> diff --git a/include/linux/pid.h b/include/linux/pid.h
> index 4817c66..ac1b47f 100644
> --- a/include/linux/pid.h
> +++ b/include/linux/pid.h
> @@ -122,7 +122,6 @@ extern struct pid *find_ge_pid(int nr, s
>
> extern struct pid *alloc_pid(struct pid_namespace *ns);
> extern void FASTCALL(free_pid(struct pid *pid));
> -extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
>
> /*
> * the helpers to get the pid's id seen from different namespaces
> diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
> index 0135c76..1f5f915 100644
> --- a/include/linux/pid_namespace.h
> +++ b/include/linux/pid_namespace.h
> @@ -6,6 +6,7 @@
> #include <linux/threads.h>
> #include <linux/nsproxy.h>
> #include <linux/kref.h>
> +#include <linux/err.h>
>
> struct pidmap {
> atomic_t nr_free;
> @@ -29,6 +30,7 @@ struct pid_namespace {
>
> extern struct pid_namespace init_pid_ns;
>
> +#ifdef CONFIG_NS_PID
> static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
> {
> if (ns != &init_pid_ns)
> @@ -38,12 +40,37 @@ static inline struct pid_namespace *get_
>
> extern struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *ns);
> extern void free_pid_ns(struct kref *kref);
> +extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
>
> static inline void put_pid_ns(struct pid_namespace *ns)
> {
> if (ns != &init_pid_ns)
> kref_put(&ns->kref, free_pid_ns);
> }
> +#else
> +static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
> +{
> + return ns;
> +}
> +
> +static inline void put_pid_ns(struct pid_namespace *ns)
> +{
> +}
> +
> +static inline struct pid_namespace *copy_pid_ns(unsigned long flags,
> + struct pid_namespace *ns)
> +{
> + if (flags & CLONE_NEWPID)
> + return ERR_PTR(-EINVAL);
> +
> + return ns;
> +}
> +
> +static inline void zap_pid_ns_processes(struct pid_namespace *ns)
> +{
> + BUG();
> +}
> +#endif
>
> static inline struct pid_namespace *task_active_pid_ns(struct task_struct *tsk)
> {
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> diff --git a/include/linux/sem.h b/include/linux/sem.h
> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> index b5f41d4..d73080c 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -17,7 +17,7 @@ struct user_namespace {
>
> extern struct user_namespace init_user_ns;
>
> -#ifdef CONFIG_USER_NS
> +#ifdef CONFIG_NS_UID
>
> static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
> {
> diff --git a/include/linux/utsname.h b/include/linux/utsname.h
> index 923db99..cea08a9 100644
> --- a/include/linux/utsname.h
> +++ b/include/linux/utsname.h
> @@ -35,6 +35,7 @@ struct new_utsname {
> #include <linux/sched.h>
> #include <linux/kref.h>
> #include <linux/nsproxy.h>
> +#include <linux/err.h>
> #include <asm/atomic.h>
>
> struct uts_namespace {
> @@ -43,6 +44,7 @@ struct uts_namespace {
> };
> extern struct uts_namespace init_uts_ns;
>
> +#ifdef CONFIG_NS_UTS
> static inline void get_uts_ns(struct uts_namespace *ns)
> {
> kref_get(&ns-&
...
|
|
|
|
|
|
|
|
|
|
| Re: Playing with namespaces and bloat-o-meeter [message #20811 is a reply to message #20802] |
Wed, 26 September 2007 13:24 |
Cedric Le Goater
Messages: 443
Registered: February 2006
|
Senior Member |
|
|
Pavel Emelyanov wrote:
> Hi, guys!
>
> I've noticed that compiling out all the core related to
> cloning and cleaning the new namespace saves us more than
> a Kbyte (!) from the vmlinux.
cool.
but compared to the 5KB pid ns is adding, it's not much. I guess
anything that can be saved is good to save when you run on a cell.
> add/remove: 19/0 grow/shrink: 6/6 up/down: 1532/-336 (1196)
> function old new delta
> copy_user_ns - 181 +181
> copy_ipcs - 149 +149
> copy_utsname - 120 +120
> shm_exit_ns - 106 +106
> sem_exit_ns - 106 +106
> msg_exit_ns - 106 +106
> freeary - 100 +100
> release_uids - 95 +95
> freeque - 92 +92
> free_nsproxy 48 99 +51
> __sem_init_ns - 45 +45
> shm_init_ns - 42 +42
> sem_init_ns - 42 +42
> msg_init_ns - 42 +42
> __shm_init_ns - 38 +38
> create_new_namespaces 300 335 +35
> __msg_init_ns - 31 +31
> sysvipc_proc_release 5 35 +30
> free_ipc_ns - 30 +30
> do_shm_rmid - 29 +29
> shm_release 18 39 +21
> free_user_ns - 16 +16
> sysvipc_proc_open 100 111 +11
> do_shmat 778 787 +9
> free_uts_ns - 5 +5
> sys_shmctl 1934 1907 -27
> msg_init 82 47 -35
> shm_init 92 47 -45
> sem_init 99 44 -55
> sys_msgctl 1394 1311 -83
> sys_semctl 2123 2032 -91
>
> Since there already were some questions like "do I need it
> on my cellphone?" in reply to pid namespaces patches and
> so on, why don't we make ALL the namespaces cloning code
> under the config option to make those people happy?
>
> Here's the proposed patch.
I think I'm ok with it but it would be easier to review if you
could split it in little patchlets, at least one for each
namespace. diffstats are welcome also :)
> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
>
> ---
>
> diff --git a/include/linux/ipc.h b/include/linux/ipc.h
> index 96988d1..b882610 100644
> --- a/include/linux/ipc.h
> +++ b/include/linux/ipc.h
> @@ -100,56 +100,6 @@ struct kern_ipc_perm
> void *security;
> };
>
> -struct ipc_ids;
> -struct ipc_namespace {
> - struct kref kref;
> - struct ipc_ids *ids[3];
> -
> - int sem_ctls[4];
> - int used_sems;
> -
> - int msg_ctlmax;
> - int msg_ctlmnb;
> - int msg_ctlmni;
> -
> - size_t shm_ctlmax;
> - size_t shm_ctlall;
> - int shm_ctlmni;
> - int shm_tot;
> -};
> -
> -extern struct ipc_namespace init_ipc_ns;
> -
> -#ifdef CONFIG_SYSVIPC
> -#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
> -extern void free_ipc_ns(struct kref *kref);
> -extern struct ipc_namespace *copy_ipcs(unsigned long flags,
> - struct ipc_namespace *ns);
> -#else
> -#define INIT_IPC_NS(ns)
> -static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
> - struct ipc_namespace *ns)
> -{
> - return ns;
> -}
> -#endif
> -
> -static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
> -{
> -#ifdef CONFIG_SYSVIPC
> - if (ns)
> - kref_get(&ns->kref);
> -#endif
> - return ns;
> -}
> -
> -static inline void put_ipc_ns(struct ipc_namespace *ns)
> -{
> -#ifdef CONFIG_SYSVIPC
> - kref_put(&ns->kref, free_ipc_ns);
> -#endif
> -}
> -
> #endif /* __KERNEL__ */
>
> #endif /* _LINUX_IPC_H */
> diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
> new file mode 100644
> index 0000000..89f51f8
> --- /dev/null
> +++ b/include/linux/ipc_namespace.h
that's something i wanted to do. thanks.
> @@ -0,0 +1,67 @@
> +#ifndef __IPC_NAMESPACE_H__
> +#define __IPC_NAMESPACE_H__
> +
> +#include <linux/err.h>
> +
> +struct ipc_ids;
> +struct ipc_namespace {
> + struct kref kref;
> + struct ipc_ids *ids[3];
> +
> + int sem_ctls[4];
> + int used_sems;
> +
> + int msg_ctlmax;
> + int msg_ctlmnb;
> + int msg_ctlmni;
> +
> + size_t shm_ctlmax;
> + size_t shm_ctlall;
> + int shm_ctlmni;
> + int shm_tot;
> +};
> +
> +extern struct ipc_namespace init_ipc_ns;
> +
> +#ifdef CONFIG_SYSVIPC
> +#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
> +#else
> +#define INIT_IPC_NS(ns)
> +#endif
> +
> +#ifdef CONFIG_NS_IPC
ok so you're readding that flag. please check ipc/ipc_sysctl.c there might
be some surprises.
check the compile with CONFIG_SYSCTL=n
> +extern void free_ipc_ns(struct kref *kref);
> +extern struct ipc_namespace *copy_ipcs(unsigned long flags,
> + struct ipc_namespace *ns);
> +
> +static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
> +{
> + if (ns)
> + kref_get(&ns->kref);
> + return ns;
> +}
> +
> +static inline void put_ipc_ns(struct ipc_namespace *ns)
> +{
> + kref_put(&ns->kref, free_ipc_ns);
> +}
> +#else
> +static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
> + struct ipc_namespace *ns)
> +{
> + if (flags & CLONE_NEWIPC)
> + return ERR_PTR(-EINVAL);
> +
> + return ns;
> +}
> +
> +static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
> +{
> + return ns;
> +}
> +
> +static inline void put_ipc_ns(struct ipc_namespace *ns)
> +{
> +}
> +#endif
> +#endif
> diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
> diff --git a/include/linux/pid.h b/include/linux/pid.h
> index 4817c66..ac1b47f 100644
> --- a/include/linux/pid.h
> +++ b/include/linux/pid.h
> @@ -122,7 +122,6 @@ extern struct pid *find_ge_pid(int nr, s
>
> extern struct pid *alloc_pid(struct pid_namespace *ns);
> extern void FASTCALL(free_pid(struct pid *pid));
> -extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
>
> /*
> * the helpers to get the pid's id seen from different namespaces
> diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
> index 0135c76..1f5f915 100644
> --- a/include/linux/pid_namespace.h
> +++ b/include/linux/pid_namespace.h
> @@ -6,6 +6,7 @@
> #include <linux/threads.h>
> #include <linux/nsproxy.h>
> #include <linux/kref.h>
> +#include <linux/err.h>
>
> struct pidmap {
> atomic_t nr_free;
> @@ -29,6 +30,7 @@ struct pid_namespace {
>
> extern struct pid_namespace init_pid_ns;
>
> +#ifdef CONFIG_NS_PID
> static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
> {
> if (ns != &init_pid_ns)
> @@ -38,12 +40,37 @@ static inline struct pid_namespace *get_
>
> extern struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *ns);
> extern void free_pid_ns(struct kref *kref);
> +extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
>
> static inline void put_pid_ns(struct pid_namespace *ns)
> {
> if (ns != &init_pid_ns)
> kref_put(&ns->kref, free_pid_ns);
> }
> +#else
> +static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
> +{
> + return ns;
> +}
> +
> +static inline void put_pid_ns(struct pid_namespace *ns)
> +{
> +}
> +
> +static inline struct pid_namespace *copy_pid_ns(unsigned long flags,
> + struct pid_namespace *ns)
> +{
> + if (flags & CLONE_NEWPID)
> + return ERR_PTR(-EINVAL);
> +
> + return ns;
> +}
> +
> +static inline void zap_pid_ns_processes(struct pid_namespace *ns)
> +{
> + BUG();
> +}
> +#endif
>
> static inline struct pid_namespace *task_active_pid_ns(struct task_struct *tsk)
> {
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> diff --git a/include/linux/sem.h b/include/linux/sem.h
> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> index b5f41d4..d73080c 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -17,7 +17,7 @@ struct user_namespace {
>
> extern struct user_namespace init_user_ns;
>
> -#ifdef CONFIG_USER_NS
> +#ifdef CONFIG_NS_UID
>
> static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
> {
> diff --git a/include/linux/utsname.h b/include/linux/utsname.h
> index 923db99..cea08a9 100644
> --- a/include/linux/utsname.h
> +++ b/include/linux/utsname.h
> @@ -35,6 +35,7 @@ struct new_utsname {
> #include <linux/sched.h>
> #includ
...
|
|
|
|
|
|
|
|
| Re: Playing with namespaces and bloat-o-meeter [message #20819 is a reply to message #20811] |
Wed, 26 September 2007 14:08 |
Pavel Emelianov
Messages: 1149
Registered: September 2006
|
Senior Member |
|
|
Cedric Le Goater wrote:
> Pavel Emelyanov wrote:
>> Hi, guys!
>>
>> I've noticed that compiling out all the core related to
>> cloning and cleaning the new namespace saves us more than
>> a Kbyte (!) from the vmlinux.
>
> cool.
>
> but compared to the 5KB pid ns is adding, it's not much. I guess
> anything that can be saved is good to save when you run on a cell.
Yup, but I've already sent 3 patches to Andrew that save 1.5 KB
so we have already managed to get a half for cell users ;)
>> add/remove: 19/0 grow/shrink: 6/6 up/down: 1532/-336 (1196)
>> function old new delta
>> copy_user_ns - 181 +181
>> copy_ipcs - 149 +149
>> copy_utsname - 120 +120
>> shm_exit_ns - 106 +106
>> sem_exit_ns - 106 +106
>> msg_exit_ns - 106 +106
>> freeary - 100 +100
>> release_uids - 95 +95
>> freeque - 92 +92
>> free_nsproxy 48 99 +51
>> __sem_init_ns - 45 +45
>> shm_init_ns - 42 +42
>> sem_init_ns - 42 +42
>> msg_init_ns - 42 +42
>> __shm_init_ns - 38 +38
>> create_new_namespaces 300 335 +35
>> __msg_init_ns - 31 +31
>> sysvipc_proc_release 5 35 +30
>> free_ipc_ns - 30 +30
>> do_shm_rmid - 29 +29
>> shm_release 18 39 +21
>> free_user_ns - 16 +16
>> sysvipc_proc_open 100 111 +11
>> do_shmat 778 787 +9
>> free_uts_ns - 5 +5
>> sys_shmctl 1934 1907 -27
>> msg_init 82 47 -35
>> shm_init 92 47 -45
>> sem_init 99 44 -55
>> sys_msgctl 1394 1311 -83
>> sys_semctl 2123 2032 -91
>>
>> Since there already were some questions like "do I need it
>> on my cellphone?" in reply to pid namespaces patches and
>> so on, why don't we make ALL the namespaces cloning code
>> under the config option to make those people happy?
>>
>> Here's the proposed patch.
>
> I think I'm ok with it but it would be easier to review if you
> could split it in little patchlets, at least one for each
> namespace. diffstats are welcome also :)
>
>> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
>>
>> ---
>>
>> diff --git a/include/linux/ipc.h b/include/linux/ipc.h
>> index 96988d1..b882610 100644
>> --- a/include/linux/ipc.h
>> +++ b/include/linux/ipc.h
>> @@ -100,56 +100,6 @@ struct kern_ipc_perm
>> void *security;
>> };
>>
>> -struct ipc_ids;
>> -struct ipc_namespace {
>> - struct kref kref;
>> - struct ipc_ids *ids[3];
>> -
>> - int sem_ctls[4];
>> - int used_sems;
>> -
>> - int msg_ctlmax;
>> - int msg_ctlmnb;
>> - int msg_ctlmni;
>> -
>> - size_t shm_ctlmax;
>> - size_t shm_ctlall;
>> - int shm_ctlmni;
>> - int shm_tot;
>> -};
>> -
>> -extern struct ipc_namespace init_ipc_ns;
>> -
>> -#ifdef CONFIG_SYSVIPC
>> -#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
>> -extern void free_ipc_ns(struct kref *kref);
>> -extern struct ipc_namespace *copy_ipcs(unsigned long flags,
>> - struct ipc_namespace *ns);
>> -#else
>> -#define INIT_IPC_NS(ns)
>> -static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
>> - struct ipc_namespace *ns)
>> -{
>> - return ns;
>> -}
>> -#endif
>> -
>> -static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
>> -{
>> -#ifdef CONFIG_SYSVIPC
>> - if (ns)
>> - kref_get(&ns->kref);
>> -#endif
>> - return ns;
>> -}
>> -
>> -static inline void put_ipc_ns(struct ipc_namespace *ns)
>> -{
>> -#ifdef CONFIG_SYSVIPC
>> - kref_put(&ns->kref, free_ipc_ns);
>> -#endif
>> -}
>> -
>> #endif /* __KERNEL__ */
>>
>> #endif /* _LINUX_IPC_H */
>> diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
>> new file mode 100644
>> index 0000000..89f51f8
>> --- /dev/null
>> +++ b/include/linux/ipc_namespace.h
>
> that's something i wanted to do. thanks.
>
>> @@ -0,0 +1,67 @@
>> +#ifndef __IPC_NAMESPACE_H__
>> +#define __IPC_NAMESPACE_H__
>> +
>> +#include <linux/err.h>
>> +
>> +struct ipc_ids;
>> +struct ipc_namespace {
>> + struct kref kref;
>> + struct ipc_ids *ids[3];
>> +
>> + int sem_ctls[4];
>> + int used_sems;
>> +
>> + int msg_ctlmax;
>> + int msg_ctlmnb;
>> + int msg_ctlmni;
>> +
>> + size_t shm_ctlmax;
>> + size_t shm_ctlall;
>> + int shm_ctlmni;
>> + int shm_tot;
>> +};
>> +
>> +extern struct ipc_namespace init_ipc_ns;
>> +
>> +#ifdef CONFIG_SYSVIPC
>> +#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
>> +#else
>> +#define INIT_IPC_NS(ns)
>> +#endif
>> +
>> +#ifdef CONFIG_NS_IPC
>
> ok so you're readding that flag. please check ipc/ipc_sysctl.c there might
> be some surprises.
>
> check the compile with CONFIG_SYSCTL=n
>
>> +extern void free_ipc_ns(struct kref *kref);
>> +extern struct ipc_namespace *copy_ipcs(unsigned long flags,
>> + struct ipc_namespace *ns);
>> +
>> +static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
>> +{
>> + if (ns)
>> + kref_get(&ns->kref);
>> + return ns;
>> +}
>> +
>> +static inline void put_ipc_ns(struct ipc_namespace *ns)
>> +{
>> + kref_put(&ns->kref, free_ipc_ns);
>> +}
>> +#else
>> +static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
>> + struct ipc_namespace *ns)
>> +{
>> + if (flags & CLONE_NEWIPC)
>> + return ERR_PTR(-EINVAL);
>> +
>> + return ns;
>> +}
>> +
>> +static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
>> +{
>> + return ns;
>> +}
>> +
>> +static inline void put_ipc_ns(struct ipc_namespace *ns)
>> +{
>> +}
>> +#endif
>> +#endif
>> diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
>> diff --git a/include/linux/pid.h b/include/linux/pid.h
>> index 4817c66..ac1b47f 100644
>> --- a/include/linux/pid.h
>> +++ b/include/linux/pid.h
>> @@ -122,7 +122,6 @@ extern struct pid *find_ge_pid(int nr, s
>>
>> extern struct pid *alloc_pid(struct pid_namespace *ns);
>> extern void FASTCALL(free_pid(struct pid *pid));
>> -extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
>>
>> /*
>> * the helpers to get the pid's id seen from different namespaces
>> diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
>> index 0135c76..1f5f915 100644
>> --- a/include/linux/pid_namespace.h
>> +++ b/include/linux/pid_namespace.h
>> @@ -6,6 +6,7 @@
>> #include <linux/threads.h>
>> #include <linux/nsproxy.h>
>> #include <linux/kref.h>
>> +#include <linux/err.h>
>>
>> struct pidmap {
>> atomic_t nr_free;
>> @@ -29,6 +30,7 @@ struct pid_namespace {
>>
>> extern struct pid_namespace init_pid_ns;
>>
>> +#ifdef CONFIG_NS_PID
>> static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
>> {
>> if (ns != &init_pid_ns)
>> @@ -38,12 +40,37 @@ static inline struct pid_namespace *get_
>>
>> extern struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *ns);
>> extern void free_pid_ns(struct kref *kref);
>> +extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
>>
>> static inline void put_pid_ns(struct pid_namespace *ns)
>> {
>> if (ns != &init_pid_ns)
>> kref_put(&ns->kref, free_pid_ns);
>> }
>> +#else
>> +static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
>> +{
>> + return ns;
>> +}
>> +
>> +static inline void put_pid_ns(struct pid_namespace *ns)
>> +{
>> +}
>> +
>> +static inline struct pid_namespace *copy_pid_ns(unsigned long flags,
>> + struct pid_namespace
...
|
|
|
|
| Re: Playing with namespaces and bloat-o-meeter [message #20820 is a reply to message #20802] |
Wed, 26 September 2007 14:20 |
Pavel Emelianov
Messages: 1149
Registered: September 2006
|
Senior Member |
|
|
Pavel Emelyanov wrote:
> Hi, guys!
>
> I've noticed that compiling out all the core related to
> cloning and cleaning the new namespace saves us more than
> a Kbyte (!) from the vmlinux.
Sorry guys, this patch is a bit broken :P
CONFIG_NS_PID is used in kernel/pid.c while the real
option is CONFIG_NS_PIDS :(
I've remade the patch and it actually saves 2KB :) I
will send it to Andrew soon.
add/remove: 27/0 grow/shrink: 11/7 up/down: 2477/-340 (2137)
function old new delta
copy_pid_ns - 537 +537
copy_user_ns - 181 +181
copy_ipcs - 149 +149
zap_pid_ns_processes - 130 +130
copy_utsname - 120 +120
shm_exit_ns - 106 +106
sem_exit_ns - 106 +106
msg_exit_ns - 106 +106
freeary - 100 +100
release_uids - 95 +95
freeque - 92 +92
free_nsproxy 48 123 +75
create_new_namespaces 300 358 +58
free_pid_ns - 56 +56
pid_namespaces_init - 48 +48
__sem_init_ns - 45 +45
shm_init_ns - 42 +42
sem_init_ns - 42 +42
msg_init_ns - 42 +42
__shm_init_ns - 38 +38
__msg_init_ns - 31 +31
sysvipc_proc_release 5 35 +30
proc_kill_sb 5 35 +30
free_ipc_ns - 30 +30
do_shm_rmid - 29 +29
proc_set_super 13 38 +25
shm_release 18 39 +21
put_pid 75 95 +20
alloc_pid 687 706 +19
pid_caches_mutex - 16 +16
free_user_ns - 16 +16
sysvipc_proc_open 100 111 +11
do_shmat 778 787 +9
pid_caches_lh - 8 +8
free_uts_ns - 5 +5
pid_ns_cachep - 4 +4
__initcall_pid_namespaces_init6 - 4 +4
do_exit 1855 1856 +1
show_stat 1665 1661 -4
sys_shmctl 1934 1907 -27
msg_init 82 47 -35
shm_init 92 47 -45
sem_init 99 44 -55
sys_msgctl 1394 1311 -83
sys_semctl 2123 2032 -91
> add/remove: 19/0 grow/shrink: 6/6 up/down: 1532/-336 (1196)
> function old new delta
> copy_user_ns - 181 +181
> copy_ipcs - 149 +149
> copy_utsname - 120 +120
> shm_exit_ns - 106 +106
> sem_exit_ns - 106 +106
> msg_exit_ns - 106 +106
> freeary - 100 +100
> release_uids - 95 +95
> freeque - 92 +92
> free_nsproxy 48 99 +51
> __sem_init_ns - 45 +45
> shm_init_ns - 42 +42
> sem_init_ns - 42 +42
> msg_init_ns - 42 +42
> __shm_init_ns - 38 +38
> create_new_namespaces 300 335 +35
> __msg_init_ns - 31 +31
> sysvipc_proc_release 5 35 +30
> free_ipc_ns - 30 +30
> do_shm_rmid - 29 +29
> shm_release 18 39 +21
> free_user_ns - 16 +16
> sysvipc_proc_open 100 111 +11
> do_shmat 778 787 +9
> free_uts_ns - 5 +5
> sys_shmctl 1934 1907 -27
> msg_init 82 47 -35
> shm_init 92 47 -45
> sem_init 99 44 -55
> sys_msgctl 1394 1311 -83
> sys_semctl 2123 2032 -91
>
> Since there already were some questions like "do I need it
> on my cellphone?" in reply to pid namespaces patches and
> so on, why don't we make ALL the namespaces cloning code
> under the config option to make those people happy?
>
> Here's the proposed patch.
>
> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
>
> ---
>
> diff --git a/include/linux/ipc.h b/include/linux/ipc.h
> index 96988d1..b882610 100644
> --- a/include/linux/ipc.h
> +++ b/include/linux/ipc.h
> @@ -100,56 +100,6 @@ struct kern_ipc_perm
> void *security;
> };
>
> -struct ipc_ids;
> -struct ipc_namespace {
> - struct kref kref;
> - struct ipc_ids *ids[3];
> -
> - int sem_ctls[4];
> - int used_sems;
> -
> - int msg_ctlmax;
> - int msg_ctlmnb;
> - int msg_ctlmni;
> -
> - size_t shm_ctlmax;
> - size_t shm_ctlall;
> - int shm_ctlmni;
> - int shm_tot;
> -};
> -
> -extern struct ipc_namespace init_ipc_ns;
> -
> -#ifdef CONFIG_SYSVIPC
> -#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
> -extern void free_ipc_ns(struct kref *kref);
> -extern struct ipc_namespace *copy_ipcs(unsigned long flags,
> - struct ipc_namespace *ns);
> -#else
> -#define INIT_IPC_NS(ns)
> -static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
> - struct ipc_namespace *ns)
> -{
> - return ns;
> -}
> -#endif
> -
> -static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
> -{
> -#ifdef CONFIG_SYSVIPC
> - if (ns)
> - kref_get(&ns->kref);
> -#endif
> - return ns;
> -}
> -
> -static inline void put_ipc_ns(struct ipc_namespace *ns)
> -{
> -#ifdef CONFIG_SYSVIPC
> - kref_put(&ns->kref, free_ipc_ns);
> -#endif
> -}
> -
> #endif /* __KERNEL__ */
>
> #endif /* _LINUX_IPC_H */
> diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
> new file mode 100644
> index 0000000..89f51f8
> --- /dev/null
> +++ b/include/linux/ipc_namespace.h
> @@ -0,0 +1,67 @@
> +#ifndef __IPC_NAMESPACE_H__
> +#define __IPC_NAMESPACE_H__
> +
> +#include <linux/err.h>
> +
> +struct ipc_ids;
> +struct ipc_namespace {
> + struct kref kref;
> + struct ipc_ids *ids[3];
> +
> + int sem_ctls[4];
> + int used_sems;
> +
> + int msg_ctlmax;
> + int msg_ctlmnb;
> + int msg_ctlmni;
> +
> + size_t shm_ctlmax;
> + size_t shm_ctlall;
> + int shm_ctlmni;
> + int shm_tot;
> +};
> +
> +extern struct ipc_namespace init_ipc_ns;
> +
> +#ifdef CONFIG_SYSVIPC
> +#define INIT_IPC_NS(ns) .ns = &init_ipc_ns,
> +#else
> +#define INIT_IPC_NS(ns)
> +#endif
> +
> +#ifdef CONFIG_NS_IPC
> +extern void free_ipc_ns(struct kref *kref);
> +extern struct ipc_namespace *copy_ipcs(unsigned long flags,
> + struct ipc_namespace *ns);
> +
> +static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
> +{
> + if (ns)
> + kref_get(&ns->kref);
> + return ns;
> +}
> +
> +static inline void put_ipc_ns(struct ipc_namespace *ns)
> +{
> + kref_put(&ns->kref, free_ipc_ns);
> +}
> +#else
> +static inline struct ipc_namespace *copy_ipcs(unsigned long flags,
> + struct ipc_namespace *ns)
> +{
> + if (flags & CLONE_NEWIPC)
> + return ERR_PTR(-EINVAL);
> +
> + return ns;
> +}
> +
> +static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
> +{
> + return ns;
> +}
> +
> +static inline void put_ipc_ns(struct ipc_namespace *ns)
> +{
> +}
> +#endif
> +#endif
> diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
> diff --git a/include/linux/pid.h b/include/linux/pid.h
> index 4817c66..ac1b47f 100644
> --- a/include/linux/pid.h
> +++ b/include/linux/pid.h
> @@ -122,7 +122,6 @@ extern struct pid *find_ge_pid(int nr, s
>
> extern struct pid *alloc_pid(struct pid_namespace *ns);
> extern void FASTCALL(free_pid(struct pid *pid));
> -extern void za
...
|
|
|
|
|
|
| Re: Playing with namespaces and bloat-o-meeter [message #20823 is a reply to message #20822] |
Wed, 26 September 2007 14:49 |
Pavel Emelianov
Messages: 1149
Registered: September 2006
|
Senior Member |
|
|
Eric W. Biederman wrote:
> Pavel Emelyanov <xemul@openvz.org> writes:
>
>>>
>>> +config NAMESPACES
>>> + bool "The namespaces support"
>>> + help
>>> + Provides the way to make tasks work with different objects using
>>> + the same id
>>> +
>>> +config NS_UTS
>>> + bool "Uname namespace"
>>> + depends on NAMESPACES
>>> + help
>>> + The utsname namespace
>>> +
>>> +config NS_IPC
>>> + bool "IPC namespace"
>>> + depends on NAMESPACES && SYSVIPC
>>> + help
>>> + The SYSVIPC ids namespaces
>>> +
>>> +config NS_PIDS
>>> + bool "PID namespace"
>>> + depends on NAMESPACES
>>> + help
>>> + Tasks see only the pids living in the same namespace and in the
>>> + child namespaces
>>> +
>>> +config NS_UID
>>> + bool "UID namespace"
>>> + depends on NAMESPACES && EXPERIMENTAL
>>> + help
>>> + Support user namespaces. This allows containers, i.e.
>>> + vservers, to use user namespaces to provide different
>>> + user info for different servers. If unsure, say N.
>>> +
>>> config BLK_DEV_INITRD
>>> bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
>>> depends on BROKEN || !FRV
>
> The reason we removed these options earlier was a maintenance issue
> and the fact we could not actually compile out the namespaces.
I do not propose to compile out the namespaces, I just propose
to compile out the code that does the clone and release of new
namespaces. This is absolutely painless.
> If we don't cause maintenance complications I think the general
> idea is fine. But please. This all should show up under
> CONFIG_EMBEDDED since the only purpose is to save space.
Hm... Ok, but I also try to save the vmlinux size on my home
PC, so I'd be happy if I could just throw these things out.
Anyway - I will move the CONFIG_NAMESPACES to be selectable
with the EMBEDDED only.
> While things are experimental there is an additional purpose of
> not exposing people to broken or partially working code, so it
> does make sense to have an option there.
Ok, thanks.
So your accolades, can they be transformed into Acked-by-s or
just mentioned in the patch like "reviewed and approved by ..."?
> Eric
>
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
|
|
|
|
| Re: Playing with namespaces and bloat-o-meeter [message #20828 is a reply to message #20823] |
Wed, 26 September 2007 15:42 |
serue
Messages: 750
Registered: February 2006
|
Senior Member |
|
|
Quoting Pavel Emelyanov (xemul@openvz.org):
> Eric W. Biederman wrote:
> > Pavel Emelyanov <xemul@openvz.org> writes:
> >
> >>>
> >>> +config NAMESPACES
> >>> + bool "The namespaces support"
> >>> + help
> >>> + Provides the way to make tasks work with different objects using
> >>> + the same id
> >>> +
> >>> +config NS_UTS
> >>> + bool "Uname namespace"
> >>> + depends on NAMESPACES
> >>> + help
> >>> + The utsname namespace
> >>> +
> >>> +config NS_IPC
> >>> + bool "IPC namespace"
> >>> + depends on NAMESPACES && SYSVIPC
> >>> + help
> >>> + The SYSVIPC ids namespaces
> >>> +
> >>> +config NS_PIDS
> >>> + bool "PID namespace"
> >>> + depends on NAMESPACES
> >>> + help
> >>> + Tasks see only the pids living in the same namespace and in the
> >>> + child namespaces
> >>> +
> >>> +config NS_UID
> >>> + bool "UID namespace"
> >>> + depends on NAMESPACES && EXPERIMENTAL
> >>> + help
> >>> + Support user namespaces. This allows containers, i.e.
> >>> + vservers, to use user namespaces to provide different
> >>> + user info for different servers. If unsure, say N.
> >>> +
> >>> config BLK_DEV_INITRD
> >>> bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
> >>> depends on BROKEN || !FRV
> >
> > The reason we removed these options earlier was a maintenance issue
> > and the fact we could not actually compile out the namespaces.
>
> I do not propose to compile out the namespaces, I just propose
> to compile out the code that does the clone and release of new
> namespaces. This is absolutely painless.
>
> > If we don't cause maintenance complications I think the general
> > idea is fine. But please. This all should show up under
> > CONFIG_EMBEDDED since the only purpose is to save space.
>
> Hm... Ok, but I also try to save the vmlinux size on my home
> PC, so I'd be happy if I could just throw these things out.
>
> Anyway - I will move the CONFIG_NAMESPACES to be selectable
> with the EMBEDDED only.
>
> > While things are experimental there is an additional purpose of
> > not exposing people to broken or partially working code, so it
> > does make sense to have an option there.
>
> Ok, thanks.
>
> So your accolades, can they be transformed into Acked-by-s or
> just mentioned in the patch like "reviewed and approved by ..."?
I for one have no objection to the idea itself. There have been several
good suggestions though so I would like to see one more round here to
which I can add an Acked-by.
thanks,
-serge
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
|
|
|
|
Goto Forum:
Current Time: Sun May 28 04:07:24 GMT 2023
Total time taken to generate the page: 0.01330 seconds
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
