Virtualizing /proc/sys/kernel/random/boot_id per container?
Eric W. Biederman
ebiederm at xmission.com
Tue Sep 4 09:53:15 UTC 2012
Glauber Costa <glommer at parallels.com> writes:
> On 09/04/2012 12:42 PM, Glauber Costa wrote:
>> boot_id as a pid namespace id is a very well defined concept. We just
>> need an interface to set it up to make it stable across migration. Maybe
>> we can accept writes to this file as valid, provided the pid namespace
>> has only the init process.
>>
>> Then any tool could clone, mount proc, set this id, and continue
>> normally. Any objections?
>
> Ok, the above is totally jet-lag induced garbage. I totally forgot this
> is a sysctl interface.
>
> We do per-netns sysctls just fine, why can't we do them here as well?
Yes. This is a sysctl.
The definition of boot_id is that it is for detecting stale pids.
So it should be per pid-namespace not per-netns.
The sysctl infrastructure supports per pid-namespace sysctls as
easily as per-netns sysctls.
Well, almost as easily, as the glue code to write a register_pidns_sysctl
hasn't been written. But the existing hack of looking at current works
fine for the moment as well.
Ultimately I want to get us to /proc/<pid>/sys/ so we can look at
each process's sysctls and tweak them. But that isn't this week's
project.
Eric
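The point Eric makes above, that boot_id exists to detect stale pids, is easiest to see in userspace. The following is an added example, not code from this thread or from the kernel: a daemon-style pid record that stores the pid together with the boot_id that was current when it was written, so that a pid read back later is only trusted if the boot_id still matches. The file path /proc/sys/kernel/random/boot_id is the real sysctl; the "<pid> <boot_id>" record format, the function names and the sample UUIDs are assumptions made for illustration. Once boot_id is virtualized per pid namespace as discussed, the same check also rejects a record written in a different pid namespace, where the pid numbers are unrelated.

```c
/* Added example: using the kernel boot_id to detect stale pid records.
 * Illustrative code, not from the thread or the kernel; record format,
 * function names and sample UUIDs are assumptions. */
#include <ctype.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define BOOT_ID_LEN 36   /* 8-4-4-4-12 hex digits plus four dashes */
#define BOOT_ID_PATH "/proc/sys/kernel/random/boot_id"

/* A pid record as a daemon might store it in its pidfile: the pid plus
 * the boot_id that was current when the pid was recorded. */
struct pid_record {
    pid_t pid;
    char boot_id[BOOT_ID_LEN + 1];
};

/* Validate a boot_id string: 36 chars, dashes at 8/13/18/23, hex elsewhere.
 * A trailing newline (as read from procfs) is tolerated and stripped;
 * the result is lower-cased so comparisons are case-insensitive. */
int parse_boot_id(const char *s, char out[BOOT_ID_LEN + 1])
{
    size_t n = strlen(s);
    if (n > 0 && s[n - 1] == '\n')
        n--;
    if (n != BOOT_ID_LEN)
        return -1;
    for (size_t i = 0; i < BOOT_ID_LEN; i++) {
        int dash = (i == 8 || i == 13 || i == 18 || i == 23);
        if (dash ? s[i] != '-' : !isxdigit((unsigned char)s[i]))
            return -1;
        out[i] = (char)tolower((unsigned char)s[i]);
    }
    out[BOOT_ID_LEN] = '\0';
    return 0;
}

/* Read the live boot_id from procfs; -1 if unavailable (no /proc, non-Linux). */
int read_boot_id(char out[BOOT_ID_LEN + 1])
{
    char buf[64];
    FILE *f = fopen(BOOT_ID_PATH, "r");
    if (!f)
        return -1;
    if (!fgets(buf, sizeof buf, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    return parse_boot_id(buf, out);
}

/* Serialise a record as "<pid> <boot_id>\n"; returns bytes written or -1. */
int format_pid_record(const struct pid_record *rec, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%ld %s\n", (long)rec->pid, rec->boot_id);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Parse "<pid> <boot_id>"; returns 0 on success, -1 on malformed input. */
int parse_pid_record(const char *line, struct pid_record *rec)
{
    long pid;
    char id[64];
    if (sscanf(line, "%ld %63s", &pid, id) != 2 || pid <= 0)
        return -1;
    if (parse_boot_id(id, rec->boot_id) != 0)
        return -1;
    rec->pid = (pid_t)pid;
    return 0;
}

/* A record is stale if it was written under a different boot_id: the pid
 * number may since have been reused by an unrelated process, so it must
 * not be trusted or signalled. Returns 1 if stale, 0 if the boot matches. */
int pid_record_is_stale(const struct pid_record *rec, const char *current_boot_id)
{
    return strcmp(rec->boot_id, current_boot_id) != 0;
}

/* Check a record against the running kernel: 1 = live, 0 = stale or gone,
 * -1 = could not determine (boot_id unreadable). */
int pid_record_is_live(const struct pid_record *rec)
{
    char now[BOOT_ID_LEN + 1];
    if (read_boot_id(now) != 0)
        return -1;
    if (pid_record_is_stale(rec, now))
        return 0;
    /* Same boot, so the pid was not recycled across a reboot; kill(pid, 0)
     * says whether it still exists (EPERM also means "exists"). */
    return (kill(rec->pid, 0) == 0 || errno == EPERM) ? 1 : 0;
}

int main(void)
{
    /* Constructed record: a pid recorded under an old (made-up) boot_id. */
    struct pid_record rec;
    char line[64];
    parse_pid_record("4242 8d3e1f64-2a7c-4c9e-b1d0-5f6a7b8c9d0e", &rec);
    if (format_pid_record(&rec, line, sizeof line) > 0)
        fputs(line, stdout);
    printf("live=%d (0 is expected: that boot_id is not this boot's)\n",
           pid_record_is_live(&rec));
    return 0;
}
```

The boot_id comparison is what makes the pid usable as an identity at all: a pid alone is only unique within one boot of one pid namespace, which is exactly why the thread wants the value to be per pid namespace and stable across migration.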
More information about the Containers mailing list