Single process controlling all cgroups sounds like looking in right direction but wrong solution.

Rob Landley rob at landley.net
Thu Jul 18 09:38:25 UTC 2013


On 07/15/2013 07:32:16 AM, Serge Hallyn wrote:
> Quoting Peter Dolding (oiaohm at gmail.com):
> > I followed the Maintainers File.   
> https://www.kernel.org/doc/linux/MAINTAINERS
> > CONTROL GROUPS (CGROUPS)
> > M:	Paul Menage <menage at google.com>
> > M:	Li Zefan <lizf at cn.fujitsu.com>
> > L:	containers at lists.linux-foundation.org
> 
> Odd, my version has
> 
> L:      containers at lists.linux-foundation.org
> L:      cgroups at vger.kernel.org
> 
> The cgroups entry was added in November 2011 according to git-blame.
> I don't know why the kernel.org version is so old.

Because when kernel.org got broken into they did a major  
barn-door-locking that took away everyone's account until you could get  
your key signed by senior kernel developers in person, and since I  
don't go to a lot of conferences I didn't manage that until February of  
this year.

Then when I got my account back, I found out that the ability to rsync  
over ssh had gone away and instead they've replaced shell access with a  
home-grown tool called "kup" (because as well all know, the way to  
secure a system is for non-security people to write their own tools  
from scratch). And unfortunately, that tool is basically "git access  
and afterthoughts".

It's theoretically possible to copy files through kup, one at a time,  
after individually cryptographically signing each file. It's also  
possible to list directories through kup. So what I need to do is write  
a shell script that traverses my local kdocs directory, lists the  
contents on the website, makes two trees, compares the trees, figures  
out which files need updating, signs each file and uploads it.

I.E. laboriously reimplementing a sad immitation of rsync through this  
insane bespoke tool.

It's on my todo list...

Rob

(P.S. yes I asked: the kernel developers do not care in the slightest  
that when the server changed out from under the users, their new tool  
does not match my existing workflow. And it's their server, they can do  
what they like. I'm just annoyed at the "department of homeland  
security" levels of disproportionate response, and that containers are  
still not considered worth using here.)


More information about the Containers mailing list