From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alin Dobre <alin.dobre-1hSFou9RDDldEee+Cai+ZQ@public.gmane.org>
Subject: Re: [RFC] Per-user namespace process accounting
Date: Thu, 12 Jun 2014 15:37:54 +0100
Message-ID: <5399BB42.60304@elastichosts.com>
References: <5386D58D.2080809@1h.com>
Reply-To: LXC development mailing-list <lxc-devel-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <lxc-devel-bounces-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org>
In-Reply-To: <5386D58D.2080809-108MBtLGafw@public.gmane.org>
List-Unsubscribe: <http://lists.linuxcontainers.org/options/lxc-devel>,
 <mailto:lxc-devel-request-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org?subject=unsubscribe>
List-Archive: <http://lists.linuxcontainers.org/pipermail/lxc-devel/>
List-Post: <mailto:lxc-devel-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org>
List-Help: <mailto:lxc-devel-request-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org?subject=help>
List-Subscribe: <http://lists.linuxcontainers.org/listinfo/lxc-devel>,
 <mailto:lxc-devel-request-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org?subject=subscribe>
Errors-To: lxc-devel-bounces-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org
Sender: "lxc-devel" <lxc-devel-bounces-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org>
Cc: containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, lxc-devel-cunTk1MwBs9qMoObBWhMNEqPaTDuhLve2LY78lusg7I@public.gmane.org
List-Id: containers.vger.kernel.org

T24gMjkvMDUvMTQgMDc6MzcsIE1hcmlhbiBNYXJpbm92IHdyb3RlOgo+IEhlbGxvLAo+IAo+IEkg
aGF2ZSB0aGUgZm9sbG93aW5nIHByb3Bvc2l0aW9uLgo+IAo+IE51bWJlciBvZiBjdXJyZW50bHkg
cnVubmluZyBwcm9jZXNzZXMgaXMgYWNjb3VudGVkIGF0IHRoZSByb290IHVzZXIgbmFtZXNwYWNl
LiBUaGUgcHJvYmxlbSBJJ20gZmFjaW5nIGlzIHRoYXQgbXVsdGlwbGUKPiBjb250YWluZXJzIGlu
IGRpZmZlcmVudCB1c2VyIG5hbWVzcGFjZXMgc2hhcmUgdGhlIHByb2Nlc3MgY291bnRlcnMuCj4g
Cj4gU28gaWYgY29udGFpbmVyWCBydW5zIDEwMCB3aXRoIFVJRCA5OSwgY29udGFpbmVyWSBzaG91
bGQgaGF2ZSBOUFJPQyBsaW1pdCBvZiBhYm92ZSAxMDAgaW4gb3JkZXIgdG8gZXhlY3V0ZSBhbnkK
PiBwcm9jZXNzZXMgd2l0aCBpc3Qgb3duIFVJRCA5OS4KPiAKPiBJIGtub3cgdGhhdCBzb21lIG9m
IHlvdSB3aWxsIHRlbGwgbWUgdGhhdCBJIHNob3VsZCBub3QgcHJvdmlzaW9uIGFsbCBvZiBteSBj
b250YWluZXJzIHdpdGggdGhlIHNhbWUgVUlEL0dJRCBtYXBzLCBidXQKPiB0aGlzIGJyaW5ncyBh
bm90aGVyIHByb2JsZW0uCgpJZiB0aGlzIG1hdHRlcnMsIHdlIGFsc28gc3VmZmVyIGZyb20gdGhl
IHNhbWUgcHJvYmxlbSBoZXJlLiBTbyB3ZQpzdXBwb3J0IGFueSBpbXBsZW1lbnRhdGlvbiB0aGF0
IHdvdWxkIGFkZHJlc3MgaXQuCgpDaGVlcnMsCkFsaW4uCgpfX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fXwpseGMtZGV2ZWwgbWFpbGluZyBsaXN0Cmx4Yy1kZXZl
bEBsaXN0cy5saW51eGNvbnRhaW5lcnMub3JnCmh0dHA6Ly9saXN0cy5saW51eGNvbnRhaW5lcnMu
b3JnL2xpc3RpbmZvL2x4Yy1kZXZlbAo=

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756039AbaFLOpJ (ORCPT <rfc822;w@1wt.eu>);
	Thu, 12 Jun 2014 10:45:09 -0400
Received: from plane.gmane.org ([80.91.229.3]:37977 "EHLO plane.gmane.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752898AbaFLOpG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Thu, 12 Jun 2014 10:45:06 -0400
X-Injected-Via-Gmane: http://gmane.org/
To: linux-kernel@vger.kernel.org
From: Alin Dobre <alin.dobre@elastichosts.com>
Subject: Re: [RFC] Per-user namespace process accounting
Date: Thu, 12 Jun 2014 15:37:54 +0100
Message-ID: <5399BB42.60304@elastichosts.com>
References: <5386D58D.2080809@1h.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: 79.135.116.105
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
In-Reply-To: <5386D58D.2080809@1h.com>
Cc: containers@lists.osdl.org, lxc-devel@lists.linuxcontainers.org
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 29/05/14 07:37, Marian Marinov wrote:
> Hello,
> 
> I have the following proposition.
> 
> Number of currently running processes is accounted at the root user namespace. The problem I'm facing is that multiple
> containers in different user namespaces share the process counters.
> 
> So if containerX runs 100 with UID 99, containerY should have NPROC limit of above 100 in order to execute any
> processes with ist own UID 99.
> 
> I know that some of you will tell me that I should not provision all of my containers with the same UID/GID maps, but
> this brings another problem.

If this matters, we also suffer from the same problem here. So we
support any implementation that would address it.

Cheers,
Alin.