* Daniel Lezcano <daniel.lezc...@free.fr> schrieb: > I thing a consensus was not reach. The big deal with syslog is netfilter > logs in an interrupt context where it is difficult to find the right log > buffer ring as we are not in the process context making possible to > identify the namespace.
That's one of the BIG problems in the Linux kernel, we've recently stumbled with in another project (artificial disk bw limits): far too much happening within interrupt context. Interrupts were originally as _short time_ step-ins for time critical signaling. What's happening here is an abuse of that concept, w/ really bad implications (eg. arbitrary users can create loads to bring down the whole system on extreme load). A clean and more robust solution IMHO could be that the interrupt handler only loads the received l1 frames and enqueue them for an kernel thread (or multiple ones) - an containerized setup then would have separate queues and kthreads on per-container basis. cu -- --------------------------------------------------------------------- Enrico Weigelt == metux IT service - http://www.metux.de/ --------------------------------------------------------------------- Please visit the OpenSource QM Taskforce: http://wiki.metux.de/public/OpenSource_QM_Taskforce Patches / Fixes for a lot dozens of packages in dozens of versions: http://patches.metux.de/ --------------------------------------------------------------------- ------------------------------------------------------------------------------ _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
