[Devel] Re: [PATCH] containers: define a namespace container subsystem
Serge E. Hallyn
serue at us.ibm.com
Fri Feb 2 15:35:09 PST 2007
Quoting Paul Menage (menage at google.com):
> On 1/30/07, Serge E. Hallyn <serue at us.ibm.com> wrote:
> >
> >It behaves pretty differently from other subsystems implemented
> >so far, which could either be seen as evidence that it doesn't
> >belong as a subsystem, or, more likely, that the container
> >subsystem approach is quite flexible.
>
> The latter - the container system is meant to be able to supportmore
> than just resource controllers.
>
> >+ char *name)
> >+{
> >+ struct dentry *d = container_get_dentry(parent->dentry, name);
> >+ return d ? d->d_fsdata : NULL;
> >+}
> >+
> >+#define NS_CONT_MODE (S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR)
> >+int container_switch(struct task_struct *tsk)
> >+{
> >+ int h;
> >+ struct container *cur_cont, *new_cont;
> >+ char path[20];
> >+ struct qstr name;
> >+ struct dentry *dentry;
> >+ int ret;
> >+ char *pathbuf = NULL;
> >+ char buffer[20];
> >+
> >+ /* check if nsproxy subsys is registered */
> >+ if (ns_container_subsys_idx == -1)
> >+ return 0;
> >+
> >+ printk(KERN_NOTICE "%s: ns_container subsys registered\n",
> >__FUNCTION__);
> >+ /* check if nsproxy subsys is mounted in some hierarchy */
> >+ rcu_read_lock();
> >+ h = rcu_dereference(subsys[ns_container_subsys_idx]->hierarchy);
> >+ rcu_read_unlock();
> >+ if (h == 0) {
> >+ /* do we mount the nsproxy subsys, or just skip
> >+ * creating a container? I think we just skip
> >+ * it.
>
> I'd say that we should try to create a fresh hierarchy with just the
> nsproxy subsystem on it. Otherwise if someone tries to mount the
> nsproxy subsystem later, we end up with some namespaces with no
> container.
Yes, but if we automatically create a fresh hierarchy with just the
nsproxy subsystem on it, then if you do any unsharing during boot or
login, which with pam_namespace on LSPP systems is very possible, then
you'll never be able to manually mount a hierarchy with an nsproxy
subsystem and a resource controller in the same hierarchy.
Whereas having the topmost container contain a bunch of nsproxies really
isn't a problem I don't think.
> This looks great - I'll incorporate it or something like it in my next
> patch set.
Great. Note though that I just found a little buglet - the following
patch is needed for the !CONFIG_CONTAINERS case :)
thanks,
-serge
Subject: [PATCH] fix !config_containers compile
when container_switch was changed from returning void to int,
the !config_containers inline version was not updated.
Signed-off-by: Serge E. Hallyn <serue at us.ibm.com>
---
include/linux/container.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
6adc0fbab23e7f971750c3eb6c244d1008a636c0
diff --git a/include/linux/container.h b/include/linux/container.h
index 15b0446..a9075ac 100644
--- a/include/linux/container.h
+++ b/include/linux/container.h
@@ -222,7 +222,7 @@ static inline void container_exit(struct
static inline void container_lock(void) {}
static inline void container_unlock(void) {}
-static inline void container_switch(struct task_struct *tsk) { }
+static inline int container_switch(struct task_struct *tsk) { }
#endif /* !CONFIG_CONTAINERS */
--
1.1.6
_______________________________________________
Containers mailing list
Containers at lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers
More information about the Devel
mailing list