Hi! first, I subscribed to this list after I've (tardily) noticed lxc, because it is something, that I could use for various small systems, I'm managing and because it seems that there're things to do, before this project can be really used in production.
Currently I use various modified kernels for that, but maybe some of the work I've done there may be useful for this project, so possibly I can help to reach this status. Unfortunately I didn't found a short ToDo-List as in the kvm-project (http://www.linux-kvm.org/page/TODO), but something like this would be really helpful to decide, what could be the first/next step. maybe someone can give an url or maybe there's a file in source or anything else? nevertheless I've got two questions: lxc use cgroup, but I've seen, that ns_cgroup in kernel doesn't seem to have other functions, than showing, which task *is* in a namespace, or at least modifying "tasks" has no effect and the code in ns_cgroup.c itself is really sparse. unfortunaelty I did not find anything about the concrete aims of this part of cgroup, but a short note, that it's possible, that it will be removed next time because of this value to use. Can anyone say something about ns_cgroup? and what is about the concrete aim of namespaces in kernel? Sure, partitioning as a technical aim, but is privacy another and could it really be achieved? Concrete: mount-ns: it makes it possible to mount filesystems without seeing them from root. This maybe useful in a trustful environment (without patches in kernel), but if I'm in a trustful environment, do I need this feature? So: is Privacy an aim of mount-namespace or more or less an incidental part? I'm asking, because the patches I've done on 2.6-kernel modifies it in a way, so that it's possible to attach the current process to an existing namespace and I'm wondering, if this mechanism may be useful for lxc and have a chance to come into kernel. (not the code - this is ugly, but maybe it's worth to refactor it) at least for network-devices this late-attachment is possible, even there're pids used, not namespaces themselves. well that's all for now. one note: because english is not my main-language, I may fail to use the right vocabulary or grammar or perhaps it takes some time before I answer, because I have to translate the things first, so please if something sounds strange or makes no sense at all: please ask and be a bit patient. (and sure: the time for an answer also depends on my time I can spend on this project and this is not too much) wiebittetwas ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev _______________________________________________ Lxc-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lxc-devel
