In fact this is almost what OpenVZ does for half a year, both containers and
VPIDs.
But it is very usefull to see process tree from host system. To be able to use
std tools to manage containers from host (i.e. ps, kill, top, etc.). So it is
much more convinient to have 2 pids. One globally unique, and one for container.
There are two issues here.
1) Monitoring. (ps, top etc)
2) Control (kill).
For monitoring you might need to patch ps/top a little but it is doable without
2 pids.
For kill it is extremely rude to kill processes inside of a nested pid space.
There are other solutions to the problem.
it is not always good idea to fix the tools everytime new functionality
is involved. why do you think there are no more tools except for
ps,top,kill? will you fix it all?
Another example, when you have problems in your VPS it is very
convinient to attach with strace/gdb/etc from the host. Will you patch
it as well?
OpenVZ big advantage is this ease of administering compared to VM
approach and it is not good idea to forbid this. If you have broken VM
you have problems, in OpenVZ you have control over VPSs.
It is undesireable to make it too easy to communicate through the barrier because
then applications may start to take advantage of it and then depend on
it and you will have lost the isolation that the container gives you.
in OpenVZ we have VPSs fully isolated between each other.
But host system has access to some of VPS resources such as files,
processes, etc. I understand your concern which is related to
checkpointing, yeah?
Kirill
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]