On Fri, 16 Dec 2005 09:35:19 PST, Dave Hansen wrote:
> On Thu, 2005-12-15 at 19:28 -0800, Gerrit Huizenga wrote:
> > In the pid virtualization, I would think that tasks can move between
> > containers as well,
>
> I don't think tasks can not be permitted to move between containers. As
> a simple exercise, imagine that you have two processes with the same
> pid, one in container A and one in container B. You wish to have them
> both run in container A. They can't both have the same pid. What do
> you do?
>
> I've been talking a lot lately about how important filesystem isolation
> between containers is to implement containers properly. Isolating the
> filesystem namespaces makes it much easier to do things like fs-based
> shared memory during a checkpoint/resume. If we want to allow tasks to
> move around, we'll have to throw out this entire concept. That means
> that a _lot_ of things get a notch closer to the too-costly-to-implement
> category.

Interesting... So how do tasks get *into* a container? And can they
ever get back "out" of a container? Are most processes on the system
initially not in a container? And then they can be stuffed in a container?
And then containers can be moved around or be isolated from each other?
And, is pid virtualization the point where this happens? Or is that
a slightly higher level? In other words, is pid virtualization the
full implementation of container isolation? Or is it a significant
element on which additional policy, restrictions, and usage models
can be built?

gerrit