[Devel] Re: kernel summit topic - 'containers end-game'

Serge E. Hallyn serue at us.ibm.com
Tue Jul 7 09:14:40 PDT 2009


Quoting Oren Laadan (orenl at cs.columbia.edu):
> 
> 
> Serge E. Hallyn wrote:
> > Quoting Oren Laadan (orenl at cs.columbia.edu):
> >>
> >> Serge E. Hallyn wrote:
> >>> Quoting Oren Laadan (orenl at cs.columbia.edu):
> >>>> Serge E. Hallyn wrote:
> >>>>> A topic on ksummit agenda is 'containers end-game and how do we
> >>>>> get there'.
> >>>>>
> >>>>> So for starters, looking just at application (and system) containers, what do
> >>>>> the libvirt and liblxc projects want to see in kernel support that is currently
> >>>>> missing?  Are there specific things that should be done soon to make containers
> >>>>> more useful and usable?
> >>>>>
> >>>>> More generally, the topic raises the question... what 'end-games' are there?
> >>>>> A few I can think of off-hand include:
> >>>>>
> >>>>> 	1. resource control
> >>>>> 	2. lightweight virtual servers
> >>>>> 	3. (or 2.5) unprivileged containers/jail-on-steroids
> >>>>> 		(lightweight virtual servers in which you might, just
> >>>>> 		maybe, almost, be able to give away a root account, at
> >>>>> 		least as much as you could do so with a kvm/qemu/xen
> >>>>> 		partition)
> >>>>> 	4. checkpoint, restart, and migration
> >>>>>
> >>>>> For each end-game, what kernel pieces do we think are missing?  For instance,
> >>>>> people seem agreed that resource control needs io control :)  Containers imo
> >>>>> need a user namespace.  I think there are quite a few network namespace
> >>>>> exploiters who require sysfs directory tagging (or some equivalent) to
> >>>>> allow us to migrate physical devices into network namespaces.  And
> >>>>> checkpoint/restart needs... checkpoint/restart.
> >>>> Heh ... it does need ... checkpoint/restart; and a few issues
> >>>> which we should think about sometime --
> >>> Yup, these are all things we need to discuss.  For some of them we might
> >>> just need to flail about and code a few approaches until we figure out an
> >>> answer, but then I think that everyone has thought about a few of these
> >>> in some detail, so there probably is much we could gain from talking.
> >>>
> >>> ...  Does this mean we should try to have a mini-summit in the next 6
> >>> months or so?  I'd recommend having one right before kernel summit so
> >>> we can get our act together, but getting everyone to tokyo to chat seems
> >>> uneconomical :)  It'd be good to chat about at least the first two items
> >>> before the summit, though.
> >>>
> >> How about linux plumbers ?
> > 
> > Well it seems like an appropriate place for it.  Alas there is almost no chance
> > of my being there, but let's hear a roll call - how many people (interested in
> > checkpoint/restart) will be or can be at plumber's?
> > 
> > I'm pretty sure Suka and Dave will be there.
> 
> Seems like I can make it.

Alexey, are you planning on being at the plumber's conf this year?

-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers




More information about the Devel mailing list