Re: [libvirt] kernel summit topic - 'containers end-game'

Serge E. Hallyn wrote:
> Quoting Balbir Singh (balbir@xxxxxxxxxxxxxxxxxx):
>> On Tue, Jun 23, 2009 at 8:26 PM, Serge E. Hallyn<serue@xxxxxxxxxx> wrote:
>>> A topic on ksummit agenda is 'containers end-game and how do we
>>> get there'.
>>>
>>> So for starters, looking just at application (and system) containers, what do
>>> the libvirt and liblxc projects want to see in kernel support that is currently
>>> missing?  Are there specific things that should be done soon to make containers
>>> more useful and usable?
>>>
>>> More generally, the topic raises the question... what 'end-games' are there?
>>> A few I can think of off-hand include:
>>>
>>>        1. resource control
>> We intend to hold an io-controller minisummit before KS, we should have
>> updates on that front. We also need to discuss CPU hard limits and
>> Memory soft limits. We need control for memory large page, mlock, OOM
>> notification support, shared page accounting, etc. Eventually on the
>> libvirt front, we want to isolate cgroup and lxc support into
>> individual components (long term)
>
> Thanks, Balbir.  By the last sentence, are you talking about having
> cgroup in its own libcgroup, or do you mean something else?
>
> On the topic of cgroups, does anyone not agree that we should try
> to get rid of the ns cgroup, at least once user namespaces can
> prevent root in a container from escaping their cgroup?

I agree if there is a compatibility flag to clone the parent when creating a new cgroup, as suggested by Paul.

Thanks
 -- Daniel

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
