Another daemon for managing control groups
Another daemon for managing control groups
Posted Dec 5, 2013 22:35 UTC (Thu) by jspaleta (subscriber, #50639)In reply to: Another daemon for managing control groups by jubal
Parent article: Another daemon for managing control groups
The workman-devel list archived communication in June and July between Tejun and Tim really captures the meat of the dispute. Tim was blindsided by the speed at which systemd's implementation of a manager matured to meet the kernel side development of the new interface. And even though Tejun tries to explain why the kernel interface changes are happening, I never get the feeling Tim understands what Tejun is attempting to communicate. Tim's unhappy that the single heiarchy change is going to land on the kernel side. Tim is unhappy that the new kernel interface is taking away flexibility his use case currently relies on. The kernel side change is coming, regardless of systemd's high level implementation decision on how to deal with that inbound kernel change. It's coming. Tim admits Google already has an in-production in-house developed high level API for cgroup management in some form (oh the irony of that!)
The fact that systemd has a mature implementation of a cgroup manager API for the new kernel interface with kernel dev side buy-in is germane to Tim's core concern only because the maturity of that implementation means he potentially has less time to ignore the new kernel interface and to deal with adapting Google's in-house uncollaboratively developed tooling, by spinning up an alternative implementation to meet the requirements of the new cgroups interface. Even though Tejun diffuses this concern to some degree by stating the older, less secure interface will still be there, and Google should be able to continue running as is.
Thought out the entire discussion Tim's concern is still primarily about the collapse of the multi-hierarchy which Google's use case depends on and the requirement of having a central manager. Tim really doesn't care what systemd is doing as a high level API to wrap the kernel interface. Google isn't going to use it. Google is happy with their in-house tools.
There is a lot to chew on in that workman-devel thread... just in the discussion between Tejun and Tim and ignoring all other discussion. I'm left seriously wondering if Tim really understands and appreciates the security issues Tejun is attempting to solve with the new cgroups interface.
Tejun is serious about cleaning up the cgroup interface. Seriously serious.
The more people start pushing back about the proposed kernel side adjustments with details of how it breaks their use case, the more Tejun's concerns make sense to me from a security persepctive. People are doing some crazy crazy things with cgroups.