User: Password:
|
|
Subscribe / Log in / New account

Changes coming for systemd and control groups

Changes coming for systemd and control groups

Posted Jun 22, 2013 7:15 UTC (Sat) by sztanpet (subscriber, #60731)
In reply to: Changes coming for systemd and control groups by jhoblitt
Parent article: Changes coming for systemd and control groups

sure they can, they just need to arbitrate with that single cgroup manager and ask for them


(Log in to post comments)

Changes coming for systemd and control groups

Posted Jun 22, 2013 12:09 UTC (Sat) by justincormack (subscriber, #70439) [Link]

That was exactly the question I was going to ask. So you are saying no then. How can you arbitrate with a process that you cannot see because you are entirely isolated from it? Are we going to have to maintain a (hierarchy) of sockets to communicate with the root systemd, plus a dummy (dbus) endpoint to talk to it in each container?

The thing about the use of multiple trees in containers is that they are already hierarchical so the semantics should be much clearer, ie I can only subconstrain resources I already have.

Changes coming for systemd and control groups

Posted Jun 22, 2013 13:18 UTC (Sat) by sztanpet (subscriber, #60731) [Link]

of course it can see systemd, kdbus

Changes coming for systemd and control groups

Posted Jun 22, 2013 13:32 UTC (Sat) by justincormack (subscriber, #70439) [Link]

I would have thought that most people would be running namespaced kdbus in their containers too, if you want an isolated container (which is the normal use case). I guess you could do some contortion and unshare kdbus in the container systemd after startup? Is that the idea?

Changes coming for systemd and control groups

Posted Jun 23, 2013 17:12 UTC (Sun) by Tobu (subscriber, #24111) [Link]

While the container host will have to cooperate with its systemd instance, if systemd goes with a reasonable implementation I don't think the guest will have to be aware of the outer instance. The host will expose a subtree of the single hierarchy, and systemd will just have to not interfere with that subtree (which does involve relaxing the “all your cgroups are belong to us” policy). Some cgroup controllers will need to be made fully hierarchical to make this work.

Changes coming for systemd and control groups

Posted Jun 23, 2013 17:23 UTC (Sun) by justincormack (subscriber, #70439) [Link]

That sounds reasonable, but it would be nice if the kernel could just support bind mounts of part of the cgroup tree which could be given to the container instead (can you do that now? Never tried). But that does not quite sound like what is being proposed, as far as I can tell...

Changes coming for systemd and control groups

Posted Jun 23, 2013 17:31 UTC (Sun) by Tobu (subscriber, #24111) [Link]

Yeah, I did mean bind mounts, done by a userspace tool like LXC.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds