Peter Zijlstra <[email protected]> writes: > On Tue, Jul 12, 2016 at 03:41:42PM +0300, Nikolay Borisov wrote: > >> Namespaces and cgroups are completely orthogonal to one another. > > Then how do you specify what your new 'root' is? Surely you must first > create a cgroup and then confine yourself to that? > >> Also in the v1 of cgroups it's possible to have a process member of >> more than 1 cgroup. > > Yeah, so? We only care about the perf controller obviously.
I completely misread the description of this, or I would have something earlier. For some reason I thought he was talking about the perf controller. As I recall the tricky part of this was to have tracing that was safe and usable inside of a container. If you can align a per cgroup with your container that is probably sufficient for the select of processes. At the same time there is a real desire to have identifiers like pids translated into the appropriate form for inside of the container. Without that translation they are meaningless inside a container. Further it is necessary to be certain the trancing that is used is is safe for unprivileged users. I don't think I ever suggested or approved of the concept of a perf namespace and that sounds a bit dubious to me. Eric
