Hello!

On Fri, 2010-12-03 at 12:12 +0100, wiebittewas wrote:
> Hi!
> first, I subscribed to this list after I've (tardily) noticed lxc,
> because it is something, that I could use for various small systems,
> I'm managing and because it seems that there're things to do, before
> this project can be really used in production.
> Currently I use various modified kernels for that, but maybe some of
> the work I've done there may be useful for this project, so possibly
> I can help to reach this status.
> Unfortunately I didn't find a short ToDo-List as in the kvm-project
> (http://www.linux-kvm.org/page/TODO), but something like this would
> be really helpful to decide, what could be the first/next step.
> maybe someone can give an url or maybe there's a file in source or
> anything else?
> nevertheless I've got two questions:
> lxc uses cgroup, but I've seen, that ns_cgroup in kernel doesn't seem
> to have other functions, than showing, which task *is* in a
> namespace, or at least modifying "tasks" has no effect and the code
> in ns_cgroup.c itself is really sparse.
> unfortunately I did not find anything about the concrete aims of
> this part of cgroup, but a short note, that it's possible, that it
> will be removed next time because of this value to use.
> Can anyone say something about ns_cgroup?

If you check on the containers list you'll hear a lot about ns_cgroup and most of it very negative and it's on its way out on skids. It might even already be gone in 2.6.36 but it's been a thorn in people's sides from the reading I've seen of it. Looks like a patch was submitted way back in July by Serge to get rid of it entirely. That may be 2.6.36 but almost certainly 2.6.37.

This is really a containers question, not an lxc question.

> and what is about the concrete aim of namespaces in kernel? Sure,
> partitioning as a technical aim, but is privacy another and could it
> really be achieved? Concrete: mount-ns: it makes it possible to
> mount filesystems without seeing them from root. This may be useful
> in a trustful environment (without patches in kernel), but if I'm in
> a trustful environment, do I need this feature? So: is Privacy an
> aim of mount-namespace or more or less an incidental part?

Again, this is more of a containers question than an lxc question. I would suggest subscribing to the Containers list:

https://lists.linux-foundation.org/mailman/listinfo/containers

A bunch of them, including Serge, are on this list but that might be a more appropriate spot for your questions. He might be able to comment further.

You can also browse the archives for that list here:

http://lists.linux-foundation.org/pipermail/containers

In particular, for your first question, please check out this thread here:

https://lists.linux-foundation.org/pipermail/containers/2010-July/025069.html

> I'm asking, because the patches I've done on 2.6-kernel modify it
> in a way, so that it's possible to attach the current process to an
> existing namespace and I'm wondering, if this mechanism may be
> useful for lxc and have a chance to come into kernel. (not the code
> - this is ugly, but maybe it's worth to refactor it)

On the containers list, that's already been in the works and, I believe, implemented in some manner and just hasn't trickled out into the distros yet.

> at least for network-devices this late-attachment is possible, even
> there're pids used, not namespaces themselves.
>
> well that's all for now.
> one note: because english is not my main-language, I may fail to use
> the right vocabulary or grammar or perhaps it takes some time before
> I answer, because I have to translate the things first, so please if
> something sounds strange or makes no sense at all: please ask and be
> a bit patient.
> (and sure: the time for an answer also depends on my time I can
> spend on this project and this is not too much)
>
> wiebittetwas

Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | [email protected]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
_______________________________________________ Lxc-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lxc-devel
