[lxc-devel] just subscribed...

wiebittewas wiebittewas at googlemail.com
Fri Dec 3 11:12:05 UTC 2010


Hi!

First, I subscribed to this list after I (tardily) noticed lxc,
because it is something that I could use for various small systems
I'm managing, and because it seems that there are things to do before
this project can really be used in production.

Currently I use various modified kernels for that, but maybe some of
the work I've done there may be useful for this project, so possibly
I can help to reach this status.

Unfortunately I didn't find a short ToDo-List as in the kvm-project
(http://www.linux-kvm.org/page/TODO), but something like this would
be really helpful to decide, what could be the first/next step.

Maybe someone can give a URL, or maybe there's a file in the source or
anything else?

Nevertheless, I've got two questions:

lxc uses cgroup, but I've seen that ns_cgroup in the kernel doesn't seem
to have other functions than showing which task *is* in a
namespace, or at least modifying "tasks" has no effect and the code
in ns_cgroup.c itself is really sparse.
Unfortunately I did not find anything about the concrete aims of
this part of cgroup, but a short note, that it's possible, that it
will be removed next time because of this value to use.
Can anyone say something about ns_cgroup?

And what about the concrete aim of namespaces in the kernel? Sure,
partitioning as a technical aim, but is privacy another and could it
really be achieved? Concrete: mount-ns: it makes it possible to
mount filesystems without seeing them from root. This may be useful
in a trustful environment (without patches in kernel), but if I'm in
a trustful environment, do I need this feature? So: is privacy an
aim of mount-namespace or more or less an incidental part?

I'm asking because the patches I've done on the 2.6 kernel modify it
in a way that makes it possible to attach the current process to an
existing namespace, and I'm wondering if this mechanism may be
useful for lxc and have a chance to come into the kernel. (Not the code
- this is ugly, but maybe it's worth refactoring it.)

At least for network devices this late attachment is possible, even
though pids are used there, not the namespaces themselves.

Well, that's all for now.
One note: because English is not my main language, I may fail to use
the right vocabulary or grammar, or perhaps it takes some time before
I answer, because I have to translate the things first, so please, if
something sounds strange or makes no sense at all: please ask and be
a bit patient.
(And sure: the time for an answer also depends on the time I can
spend on this project, and this is not too much.)

wiebittetwas



