[Devel] Re: [PATCH 0/9] Multiple devpts instances
Daniel Lezcano
daniel.lezcano at free.fr
Thu Feb 19 10:09:45 PST 2009
H. Peter Anvin wrote:
> Daniel Lezcano wrote:
>
>> sukadev at linux.vnet.ibm.com wrote:
>>
>>> Enable multiple instances of devpts filesystem so each container can
>>> allocate ptys independently.
>>>
>>>
>> Hi suka,
>>
>> It looks like the /proc/sys/kernel/pty/max and nr are not virtualized.
>> Modifying in the container the "max" pty, that impacts the init_pty.
>> Same as nr which does not show the real number of pty allocated for the
>> container.
>>
>> Are you planning to fix this ?
>>
>>
>
> That's a separate issue, i.e. a resource allocation
> localization/globalization issue. The main reason for these limits is
> to put a cap on the amount of low kernel memory used on 32-bit systems
> especially, which is somewhat inherently global.
>
> Resource limit partitioning is a much bigger and orthogonal problem.
>
In this case we don't have the pty allocated independently, no?
I mean one container can allocate 4095 pty, making a pty starvation for
other containers. Or imagine I am a villain and I want to mess with the other
containers, I can do echo 0 > /proc/sys/kernel/pty/max.

AFAIR, we said people making isolation of a resource are in charge (if it
is relevant) of taking into account the /proc/sys part.
For example, when making the network per namespace, all the network
configuration variables located in /proc/sys/net are per namespace too.
When it is irrelevant the file is read-only or just not displayed.

IMHO, pty/max and pty/nr are part of the "multiple devpts instances" feature.