[lxc-devel] just subscribed...

Michael H. Warfield mhw at WittsEnd.com
Fri Dec 3 18:23:43 UTC 2010


Hello!

On Fri, 2010-12-03 at 12:12 +0100, wiebittewas wrote: 
> Hi!

> first, I subscribed to this list after I've (tardily) noticed lxc,
> because it is something, that I could use for various small systems,
> I'm managing and because it seems that there're things to do, before
> this project can be really used in production.

> Currently I use various modified kernels for that, but maybe some of
> the work I've done there may be useful for this project, so possibly
> I can help to reach this status.

> Unfortunately I didn't find a short ToDo-List as in the kvm-project
> (http://www.linux-kvm.org/page/TODO), but something like this would
> be really helpful to decide, what could be the first/next step.

> maybe someone can give an url or maybe there's a file in source or
> anything else?

> nevertheless I've got two questions:

> lxc uses cgroup, but I've seen, that ns_cgroup in kernel doesn't seem
> to have other functions, than showing, which task *is* in a
> namespace, or at least modifying "tasks" has no effect and the code
> in ns_cgroup.c itself is really sparse.
> Unfortunately I did not find anything about the concrete aims of
> this part of cgroup, but a short note, that it's possible, that it
> will be removed next time because of this value to use.
> Can anyone say something about ns_cgroup?

If you check on the containers list you'll hear a lot about ns_cgroup
and most of it very negative and it's on its way out on skids.  It might
even already be gone in 2.6.36 but it's been a thorn in people's sides
from the reading I've seen of it.

Looks like a patch was submitted way back in July by Serge to get rid of
it entirely.  That may be 2.6.36 but almost certainly 2.6.37.

This is really a containers question, not an lxc question.

> and what is about the concrete aim of namespaces in kernel? Sure,
> partitioning as a technical aim, but is privacy another and could it
> really be achieved? Concrete: mount-ns: it makes it possible to
> mount filesystems without seeing them from root. This maybe useful
> in a trustful environment (without patches in kernel), but if I'm in
> a trustful environment, do I need this feature? So: is Privacy an
> aim of mount-namespace or more or less an incidental part?

Again, this is more of a containers question than an lxc question.

I would suggest subscribing to the Containers list:

https://lists.linux-foundation.org/mailman/listinfo/containers

A bunch of them, including Serge, are on this list but that might be a
more appropriate spot for your questions.  He might be able to comment
further.

You can also browse the archives for that list here:

http://lists.linux-foundation.org/pipermail/containers

In particular, for your first question, please check out this thread
here:

https://lists.linux-foundation.org/pipermail/containers/2010-July/025069.html

> I'm asking, because the patches I've done on 2.6-kernel modify it
> in a way, so that it's possible to attach the current process to an
> existing namespace and I'm wondering, if this mechanism may be
> useful for lxc and have a chance to come into kernel. (not the code
> - this is ugly, but maybe it's worth to refactor it)

On the containers list, that's already been in the works and, I believe,
implemented in some manner and just hasn't trickled out into the distros
yet.

> at least for network-devices this late-attachment is possible, even
> there're pids used, not namespaces themselves.
> 
> well that's all for now.
> one note: because english is not my main-language, I may fail to use
> the right vocabulary or grammar or perhaps it takes some time before
> I answer, because I have to translate the things first, so please if
> something sounds strange or makes no sense at all: please ask and be
> a bit patient.
> (and sure: the time for an answer also depends on my time I can
> spend on this project and this is not too much)
> 
> wiebittetwas

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!