cgroup: status-quo and userland efforts
tj at kernel.org
Tue Apr 9 21:11:52 UTC 2013
On Tue, Apr 09, 2013 at 04:04:22PM -0500, Serge Hallyn wrote:
> So for instance if there is a dbus call saying "please create cgroup
> /x with (some constraints) and put $$ into it", "something" in the
> container can convert that into "please create cgroup /lxc/c1/x
> and put (host_uid($$)) into it" and pass that to the host's (or
> parent container's) "something".
Yeap, definitely. It shouldn't be difficult to make it transparent to
individual consumers. It would actually be far easier to achieve that
with a userland agent which knows what's going on in the middle.
> So perhaps it is best if the container monitor, living in the parent
> namespaces, opens a socket '@cgroup_monitor' in the container
> namespace (through setns), listens for container-userspace requests
> there, and passes them on to the host's monitor (which hopefully
> also listens on '@cgroup_monitor', @ being '\0'). Note that my
> mention of converting pids requires a new kernel feature which we
> don't currently have (but have wanted for a long time).
Yeah, details may change but in principle something like that.
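
The request rewriting discussed in this message, as an added example that is not part of the original thread or of any project's code: a container-side relay places the requested cgroup path under the container's own prefix and refuses paths that would resolve outside it. The request dict layout, the function names and the `translate_pid` callback are assumptions; pid translation is supplied by the caller as a constructed lookup table because, as the quoted text notes, the kernel feature for it did not exist.

```python
import posixpath


class RequestRejected(Exception):
    """Raised when a container request must not be relayed to the parent."""


def confine_path(prefix, requested):
    """Map a container-relative cgroup path under `prefix`, refusing escapes."""
    if "\0" in requested:
        raise RequestRejected("NUL byte in cgroup path")
    prefix = posixpath.normpath(prefix)
    # The container sees its own cgroup as "/", so strip the leading slash,
    # join under the prefix, and collapse any "." and ".." components.
    joined = posixpath.normpath(posixpath.join(prefix, requested.lstrip("/")))
    # Compare against prefix + "/" so that "/lxc/c10" is not accepted for
    # the prefix "/lxc/c1".
    if joined != prefix and not joined.startswith(prefix + "/"):
        raise RequestRejected(f"path escapes {prefix}: {requested!r}")
    return joined


def rewrite_request(req, prefix, translate_pid):
    """Turn a container's request into the one forwarded to the parent's agent."""
    if req.get("op") != "create":
        raise RequestRejected(f"unsupported op: {req.get('op')!r}")
    host_pid = translate_pid(req["pid"])  # hypothetical translation hook
    if host_pid is None:
        raise RequestRejected(f"pid {req['pid']} is not known in this container")
    return {"op": "create",
            "cgroup": confine_path(prefix, req["cgroup"]),
            "pid": host_pid}


# Constructed sample data: container pid -> host pid for container c1.
SAMPLE_PID_MAP = {1: 4100, 42: 4217}

if __name__ == "__main__":
    ok = {"op": "create", "cgroup": "/x", "pid": 42}
    print(rewrite_request(ok, "/lxc/c1", SAMPLE_PID_MAP.get))
    for bad in ("/../../other", "x/../../c2/y", "../c10/y"):
        try:
            confine_path("/lxc/c1", bad)
        except RequestRejected as exc:
            print("rejected:", exc)
```

A nested container's relay would apply the same function with its own prefix before handing the request to its parent, so each level only ever widens the path by the prefix it was assigned.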