On Wednesday 04 January 2017 02:34 PM, Krister Johansen wrote: > On Tue, Jan 03, 2017 at 04:57:54PM +0530, Hari Bathini wrote: >> On Thursday 29 December 2016 07:11 AM, Krister Johansen wrote: >>> On Fri, Dec 16, 2016 at 12:06:55AM +0530, Hari Bathini wrote: >>>> This patch-set overcomes this limitation by using cgroup identifier as >>>> container unique identifier. A new PERF_RECORD_NAMESPACES event that >>>> records namespaces related info is introduced, from which the cgroup >>>> namespace's device & inode numbers are used as cgroup identifier. This >>>> is based on the assumption that each container is created with it's own >>>> cgroup namespace allowing assessment/analysis of multiple containers >>>> using cgroup identifier. >>> Why choose cgroups when the kernel dispenses namespace-unique >>> identifiers. Cgroup membership can be arbitrary. Moreover, cgroup and >> >> Agreed. But doesn't that hold for any other namespace or a combination >> of namespaces as well? > > I guess that's part of my concern. There is no container-unique > identifier on the system, since the notion of containers is a construct > of higer-level software.
I wish we had a container-unique identifier. A container-unique identifier will make things a lot more better, not just for container-aware tracing but for audit subsystem as well. https://lwn.net/Articles/699819/#Comments -- Regards, Aravinda -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
