[Devel] [RFC rh7] ve: cgroups -- Allow to attach non-self into ve cgroups
Kirill Tkhai
ktkhai at odin.com
Fri Jun 19 03:15:31 PDT 2015
В Чт, 18/06/2015 в 21:26 +0300, Cyrill Gorcunov пишет:
> On Tue, Jun 16, 2015 at 07:51:52PM +0300, Cyrill Gorcunov wrote:
> > >
> > > If we have any problems because of this, the solution is good.
> >
> > OK. Gimme sometime (util tomorrow probably) to think of. This issue
> > not critical at the moment because we know that we're moving one
> > task only (from vzctl). So we can investigate.
>
> Kirill, you know I think Vladimir's proposal is the best option here.
> Yes there is a window when task_ve is not yet updated but ve interface
> is special and supposed to be run in a predefined way (ie moving
> caller of container's init [read vzctl] should be done in a forkless
> manner). So I think we can trade this off for a simplier solution,
> right? Also maybe we should add some check for creds thus arbitrary
> userspace apps wont be moved here and there. If there some other
> way -- please share (rcu for get-exec-env still look woth to add).
Ok, I have no objections. The only thing is we need to carefully
use direct task_ve in the future. All current place, where we use
it, are safe.
Kirill
More information about the Devel
mailing list