Re: [RFC] [PATCH 0/7] Some basic vserver infrastructure

From: Eric W. Biederman
Date: Sat Mar 25 2006 - 13:37:56 EST


ebiederm@xxxxxxxxxxxx (Eric W. Biederman) writes:

> Herbert Poetzl <herbert@xxxxxxxxxxxx> writes:
>
>> well, while /proc/mounts is a good example that it 'works'
>> it isn't a good example for proper design, as the entire
>> private namespaces lead to much obfuscation, and having
>> the mounts per process, where they actually should be per
>> namespace, and to hide the fact that there are different
>> namespaces does not help either ...
>>
>> IMHO a much better design would be to have the namespace
>> 'explicit' and link to that one, containig the mounts entry
>> btw, this is something which should still be possible
>> without breaking anything ...
>
> Actually I agree. That should work for everything except sysctl.
>
> The tricky bit is going to be sticky a pid on the namespace group.
> But the patch should be quite simple.

Actually the tricky bit is that there is no way to list resources
that processes share, except for by looking at the processes. Changing
that has performance implications and is at least slightly non-trivial.
Given that the primary upside is better debugging I'm not a fan.

I would much rather modify the interfaces to have double counts
and work like the network devices. Where you get warnings when
someone is still using the device after it has been made to
go away.

I appreciate the concern, and I share it. I just don't think
that right now there is a good mechanism to get better visibility.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/