On Wed, Nov 01, 2006 at 11:31:57AM +0000, Darren J Moffat wrote:
> Steve Lawrence wrote:
> >On Tue, Oct 31, 2006 at 12:02:58PM -0800, Gary Winiger wrote:
> >>>This is how we treat cpu-shares. project 0 in the global zone has 
> >>>"infinite"
> >>>shares.
> >>>
> >>>This will not help root logins directly, but could by setting:
> >>>
> >>>   usermod -K project=system root
> >>    Or perhaps deliver root's entry this way to start with.
> >
> >Would that be a reasonable change to make via patch?  Perhaps this change
> >could be delivered to nevada, but not backported.
> >
> >It would be confusing to deliver this change, and also deliver the 
> >"user.root"
> >project.  If we made root's default project "system", then the "user.root"
> >project should be removed.  "user.root" is kind of a bug anyhow, as SMF 
> >does
> >not run root services in "user.root".  Currently, only root processes 
> >spawned
> >by login/pam run in "user.root".
> 
> I actually felt that that was an interesting accident that had useful
> sideeffects.  It would though be better to formalise the distinction
> between services SMF starts and logins to root.  I think it is actually
> a good thing that they are in different projects by default.
> 
> Just because they are in different projects doesn't mean the 
> configuration of those projects can't be the same.

I'm proposing special kernel treatment of projid 0.  Another project cannot
be configured to be like this.  Are you proposing a new project attribute
which means "don't enforce zone rctls"??

-Steve

> 
> -- 
> Darren J Moffat
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to