On Fri, 2005-12-16 at 12:45 -0800, Gerrit Huizenga wrote:
> Interesting... So how do tasks get *into* a container?

Only by inheritance.

> And can they ever get back "out" of a container?

No. Think of the pids again. Even the "outside" of a container, things like the real init, have to have unique pids. What if the process's pid is the same as one in use in the default container?

> Are most processes on the system
> initially not in a container? And then they can be stuffed in a container?
> And then containers can be moved around or be isolated from each other?

The current idea is that processes are assigned at fork-time. The isolation is for the lifetime of the process.

> And, is pid virtualization the point where this happens? Or is that
> a slightly higher level? In other words, is pid virtualization the
> full implementation of container isolation? Or is it a significant
> element on which additional policy, restrictions, and usage models
> can be built?

pid virtualization is simply the one that's easiest to understand, and the one that demonstrates the largest number of issues. It is a small piece of the puzzle, but an important one.

-- Dave

_______________________________________________
ckrm-tech mailing list
https://lists.sourceforge.net/lists/listinfo/ckrm-tech