Single process controlling all cgroups sounds like looking in right direction but wrong solution.
rob at landley.net
Thu Jul 18 09:38:25 UTC 2013
On 07/15/2013 07:32:16 AM, Serge Hallyn wrote:
> Quoting Peter Dolding (oiaohm at gmail.com):
> > I followed the Maintainers File.
> > CONTROL GROUPS (CGROUPS)
> > M: Paul Menage <menage at google.com>
> > M: Li Zefan <lizf at cn.fujitsu.com>
> > L: containers at lists.linux-foundation.org
> Odd, my version has
> L: containers at lists.linux-foundation.org
> L: cgroups at vger.kernel.org
> The cgroups entry was added in November 2011 according to git-blame.
> I don't know why the kernel.org version is so old.
Because when kernel.org got broken into they did a major
barn-door-locking that took away everyone's account until you could get
your key signed by senior kernel developers in person, and since I
don't go to a lot of conferences I didn't manage that until February of
Then when I got my account back, I found out that the ability to rsync
over ssh had gone away and instead they've replaced shell access with a
home-grown tool called "kup" (because as well all know, the way to
secure a system is for non-security people to write their own tools
from scratch). And unfortunately, that tool is basically "git access
It's theoretically possible to copy files through kup, one at a time,
after individually cryptographically signing each file. It's also
possible to list directories through kup. So what I need to do is write
a shell script that traverses my local kdocs directory, lists the
contents on the website, makes two trees, compares the trees, figures
out which files need updating, signs each file and uploads it.
I.E. laboriously reimplementing a sad immitation of rsync through this
insane bespoke tool.
It's on my todo list...
(P.S. yes I asked: the kernel developers do not care in the slightest
that when the server changed out from under the users, their new tool
does not match my existing workflow. And it's their server, they can do
what they like. I'm just annoyed at the "department of homeland
security" levels of disproportionate response, and that containers are
still not considered worth using here.)
More information about the Containers