From: "Serge E. Hallyn" <serge@hallyn.com>
To: Richard Weinberger <richard@nod.at>
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
Richard Weinberger <richard.weinberger@gmail.com>,
LKML <linux-kernel@vger.kernel.org>,
"open list:ABI/API" <linux-api@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
LXC development mailing-list
<lxc-devel@lists.linuxcontainers.org>, Tejun Heo <tj@kernel.org>,
cgroups mailinglist <cgroups@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: CGroup Namespaces (v4)
Date: Mon, 16 Nov 2015 14:54:52 -0600 [thread overview]
Message-ID: <20151116205452.GA30975@mail.hallyn.com> (raw)
In-Reply-To: <564A41AF.4040208@nod.at>
On Mon, Nov 16, 2015 at 09:50:55PM +0100, Richard Weinberger wrote:
> Am 16.11.2015 um 21:46 schrieb Serge E. Hallyn:
> > On Mon, Nov 16, 2015 at 09:41:15PM +0100, Richard Weinberger wrote:
> >> Serge,
> >>
> >> On Mon, Nov 16, 2015 at 8:51 PM, <serge@hallyn.com> wrote:
> >>> To summarize the semantics:
> >>>
> >>> 1. CLONE_NEWCGROUP re-uses 0x02000000, which was previously CLONE_STOPPED
> >>>
> >>> 2. unsharing a cgroup namespace makes all your current cgroups your new
> >>> cgroup root.
> >>>
> >>> 3. /proc/pid/cgroup always shows cgroup paths relative to the reader's
> >>> cgroup namespce root. A task outside of your cgroup looks like
> >>>
> >>> 8:memory:/../../..
> >>>
> >>> 4. when a task mounts a cgroupfs, the cgroup which shows up as root depends
> >>> on the mounting task's cgroup namespace.
> >>>
> >>> 5. setns to a cgroup namespace switches your cgroup namespace but not
> >>> your cgroups.
> >>>
> >>> With this, using github.com/hallyn/lxc #2015-11-09/cgns (and
> >>> github.com/hallyn/lxcfs #2015-11-10/cgns) we can start a container in a full
> >>> proper cgroup namespace, avoiding either cgmanager or lxcfs cgroup bind mounts.
> >>>
> >>> This is completely backward compatible and will be completely invisible
> >>> to any existing cgroup users (except for those running inside a cgroup
> >>> namespace and looking at /proc/pid/cgroup of tasks outside their
> >>> namespace.)
> >>> cgroupns-root.
> >>
> >> IIRC one downside of this series was that only the new "sane" cgroup
> >> layout was supported
> >> and hence it was useless for everything which expected the default layout.
> >> Hence, still no systemd for us. :)
> >>
> >> Is this now different?
> >
> > Yes, all hierachies are no supported.
> >
>
> Should read "now"? :-)
> If so, *awesome*!
D'oh! Yes, now :-)
-serge
next prev parent reply other threads:[~2015-11-16 20:54 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-16 19:51 CGroup Namespaces (v4) serge
2015-11-16 19:51 ` [PATCH 1/8] kernfs: Add API to generate relative kernfs path serge
2015-11-24 16:16 ` Tejun Heo
2015-11-24 16:17 ` Tejun Heo
2015-11-24 17:43 ` Serge E. Hallyn
2015-11-27 5:25 ` Serge E. Hallyn
2015-11-30 15:11 ` Tejun Heo
2015-11-30 18:37 ` Serge E. Hallyn
2015-11-30 22:53 ` Tejun Heo
2015-12-01 2:08 ` Serge E. Hallyn
2015-11-16 19:51 ` [PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace serge
2015-11-16 19:51 ` [PATCH 3/8] cgroup: add function to get task's cgroup serge
2015-11-24 16:27 ` Tejun Heo
2015-11-24 16:54 ` Tejun Heo
2015-11-16 19:51 ` [PATCH 4/8] cgroup: export cgroup_get() and cgroup_put() serge
2015-11-24 16:30 ` Tejun Heo
2015-11-24 22:35 ` Serge E. Hallyn
2015-11-16 19:51 ` [PATCH 5/8] cgroup: introduce cgroup namespaces serge
2015-11-24 16:49 ` Tejun Heo
2015-11-16 19:51 ` [PATCH 6/8] cgroup: cgroup namespace setns support serge
2015-11-24 16:52 ` Tejun Heo
2015-11-16 19:51 ` [PATCH 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns serge
2015-11-24 17:16 ` Tejun Heo
2015-11-25 6:01 ` Serge E. Hallyn
2015-11-25 19:10 ` Tejun Heo
2015-11-25 19:55 ` Serge Hallyn
2015-11-25 19:57 ` Tejun Heo
2015-11-27 5:17 ` Serge E. Hallyn
2015-11-30 15:09 ` Tejun Heo
2015-12-01 4:07 ` Serge E. Hallyn
2015-12-01 16:46 ` Tejun Heo
2015-12-01 21:58 ` Serge E. Hallyn
2015-12-02 16:53 ` Tejun Heo
2015-12-02 16:56 ` Serge E. Hallyn
2015-12-02 16:58 ` Tejun Heo
2015-12-02 17:02 ` Serge E. Hallyn
2015-12-02 17:05 ` Tejun Heo
2015-12-03 22:47 ` Serge E. Hallyn
2015-12-07 15:39 ` Tejun Heo
2015-12-07 15:53 ` Serge Hallyn
2015-11-16 19:51 ` [PATCH 8/8] cgroup: Add documentation for cgroup namespaces serge
2015-11-24 17:16 ` Tejun Heo
2015-11-16 20:41 ` CGroup Namespaces (v4) Richard Weinberger
2015-11-16 20:46 ` Serge E. Hallyn
2015-11-16 20:50 ` Richard Weinberger
2015-11-16 20:54 ` Serge E. Hallyn [this message]
2015-11-16 22:24 ` Eric W. Biederman
2015-11-16 22:37 ` Tejun Heo
2015-11-17 1:13 ` Serge E. Hallyn
2015-11-17 1:40 ` Serge E. Hallyn
2015-11-17 3:54 ` Serge E. Hallyn
2015-11-18 2:30 ` Serge E. Hallyn
2015-11-18 9:18 ` Eric W. Biederman
2015-11-18 15:43 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151116205452.GA30975@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=akpm@linux-foundation.org \
--cc=cgroups@vger.kernel.org \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lxc-devel@lists.linuxcontainers.org \
--cc=richard.weinberger@gmail.com \
--cc=richard@nod.at \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).