[PATCH][BUGFIX] cgroups: fix pid namespace bug
Serge E. Hallyn
serue at us.ibm.com
Thu Jul 2 06:26:59 PDT 2009
Quoting Li Zefan (lizf at cn.fujitsu.com):
> Paul Menage wrote:
> > On Wed, Jul 1, 2009 at 7:17 PM, Li Zefan<lizf at cn.fujitsu.com> wrote:
> >> But I guess we are going to fix the bug for 2.6.31? So is it ok to
> >> merge a new feature 'cgroup.procs' together into 2.6.31?
> > Does this bug really need to be fixed for 2.6.31? I didn't think that
> > the namespace support in mainline was robust enough yet for people to
> > use them for virtual servers in production environments.
I don't know where the bar is for 'production environments', but I'd
have to claim that pid namespaces are there...
> If so, it's ok for me. Unless someone else has objections. Serge?
Well, on the one hand it's not a horrible bug in that at least it
won't crash the kernel. But what bugs me is that there is no
workaround for userspace, no way for an admin to know that if he
does
    for t in `cat /cgroup/victim/tasks`; do kill $t; done
he won't kill his mysql server.
I think that's a bad enough risk to make it worth trying to push
Li's patch. Surely changing Ben's procs file should be pretty
trivial to rebase?