PID virtualization: a wealth of choices
Posted Feb 18, 2006 9:35 UTC (Sat) by dev
In reply to: PID virtualization: a wealth of choices
Parent article: PID virtualization: a wealth of choices
Eric, you know well that your approach has disadvantages:
- you introduce strong isolation, when host can't access container.
This makes containers less manageable. For example, in OpenVZ host system can control processes from VPS. You can gdb/strace/kill etc. You can use ps/top and all the existing tools. In your case, you need to introduce new syscalls, which would allow to ptrace/kill foreign processes and you need to patch all the management tools in the world.
- On the other hand VPID approach can be easialy used for both weak/strong isolation. It doesn't care.
- you mess up with interfaces like clone().
- I wouldn't mention your approach to procfs, while OpenVZ virtualizes this FS.
- you missed a lot of issues/bugs/SMP races which were pointed to you
Just my 2 cents if you start making PR.
to post comments)