kernel summit topic - 'containers end-game'

Oren Laadan orenl at cs.columbia.edu
Tue Jul 7 08:36:49 PDT 2009



Serge E. Hallyn wrote:
> Quoting Oren Laadan (orenl at cs.columbia.edu):
>>
>> Serge E. Hallyn wrote:
>>> Quoting Oren Laadan (orenl at cs.columbia.edu):
>>>> Serge E. Hallyn wrote:
>>>>> A topic on ksummit agenda is 'containers end-game and how do we
>>>>> get there'.
>>>>>
>>>>> So for starters, looking just at application (and system) containers, what do
>>>>> the libvirt and liblxc projects want to see in kernel support that is currently
>>>>> missing?  Are there specific things that should be done soon to make containers
>>>>> more useful and usable?
>>>>>
>>>>> More generally, the topic raises the question... what 'end-games' are there?
>>>>> A few I can think of off-hand include:
>>>>>
>>>>> 	1. resource control
>>>>> 	2. lightweight virtual servers
>>>>> 	3. (or 2.5) unprivileged containers/jail-on-steroids
>>>>> 		(lightweight virtual servers in which you might, just
>>>>> 		maybe, almost, be able to give away a root account, at
>>>>> 		least as much as you could do so with a kvm/qemu/xen
>>>>> 		partition)
>>>>> 	4. checkpoint, restart, and migration
>>>>>
>>>>> For each end-game, what kernel pieces do we think are missing?  For instance,
>>>>> people seem agreed that resource control needs io control :)  Containers imo
>>>>> need a user namespace.  I think there are quite a few network namespace
>>>>> exploiters who require sysfs directory tagging (or some equivalent) to
>>>>> allow us to migrate physical devices into network namespaces.  And
>>>>> checkpoint/restart needs... checkpoint/restart.
>>>> Heh ... it does need ... checkpoint/restart; and a few issues
>>>> which we should think about sometime --
>>> Yup, these are all things we need to discuss.  For some of them we might
>>> just need to flail about and code a few approaches until we figure out an
>>> answer, but then I think that everyone has thought about a few of these
>>> in some detail, so there probably is much we could gain from talking.
>>>
>>> ...  Does this mean we should try to have a mini-summit in the next 6
>>> months or so?  I'd recommend having one right before kernel summit so
>>> we can get our act together, but getting everyone to Tokyo to chat seems
>>> uneconomical :)  It'd be good to chat about at least the first two items
>>> before the summit, though.
>>>
>> How about Linux Plumbers?
> 
> Well it seems like an appropriate place for it.  Alas there is almost no chance
> of my being there, but let's hear a roll call - how many people (interested in
> checkpoint/restart) will be or can be at plumber's?
> 
> I'm pretty sure Suka and Dave will be there.

Seems like I can make it.

Oren.



