[PATCH 0/9] Multiple devpts instances

H. Peter Anvin hpa at zytor.com
Thu Feb 19 11:58:18 PST 2009


Daniel Lezcano wrote:
>>
>> Resource limit partitioning is a much bigger and orthogonal problem.
>>   
> In this case we don't have the pty allocated independently, no?
> I mean one container can allocate 4095 pty, making a pty starvation for 
> other containers. Or imagine I am a villain and I want to mess with the other 
> containers, I can do echo 0 > /proc/sys/kernel/pty/max.
> AFAIR, we said people making isolation of a resource is in charge (if it 
> is relevant), to take into account the /proc/sys part.
> 
> For example, making the network per namespace all the network 
> configuration variable located in /proc/sys/net are per namespace too. 
> When it is irrelevant the file is read-only or just not displayed.
> 
> IMHO, pty/max and pty/nr is part of the "multiple devpts instances" 
> feature.
> 

Naming and resource partitioning are two orthogonal issues, regardless 
of what's IYHO.

Really.  You have the same classes of issues with ANY allocatable 
resource in the system.  Period.  Furthermore, there are quite a few 
applications which want one and not the other.  Trying to entangle them 
is broken.

	-hpa


