On Wed, Nov 01, 2006 at 11:31:57AM +0000, Darren J Moffat wrote:
> Steve Lawrence wrote:
> >On Tue, Oct 31, 2006 at 12:02:58PM -0800, Gary Winiger wrote:
> >>>This is how we treat cpu-shares. project 0 in the global zone has
> >>>This will not help root logins directly, but could by setting:
> >>> usermod -K project=system root
> >> Or perhaps deliver root's entry this way to start with.
> >Would that be a reasonable change to make via patch? Perhaps this change
> >could be delivered to nevada, but not backported.
> >It would be confusing to deliver this change, and also deliver the
> >project. If we made root's default project "system", then the "user.root"
> >project should be removed. "user.root" is kind of a bug anyhow, as SMF
> >not run root services in "user.root". Currently, only root processes
> >by login/pam run in "user.root".
> I actually felt that that was an interesting accident that had useful
> sideeffects. It would though be better to formalise the distinction
> between services SMF starts and logins to root. I think it is actually
> a good thing that they are in different projects by default.
> Just because they are in different projects doesn't mean the
> configuration of those projects can't be the same.
I'm proposing special kernel treatment of projid 0. Another project cannot
be configured to be like this. Are you proposing a new project attribute
which means "don't enforce zone rctls"??
> Darren J Moffat
zones-discuss mailing list