Quoting Oren Laadan (orenl@xxxxxxxxxxxxxxx):
>
> Hi,
>
> Serge E. Hallyn wrote:
> > Quoting Alexey Dobriyan (adobriyan@xxxxxxxxx):
> >
> > Hi Alexey,
> >
> > as far as I can see, the main differences between this patch and the
> > equivalent in Oren's tree are:
> >
> > 1. kernel auto-selects container init to freeze
>
> Actually, this eliminates the possibility to checkpoint a subtree of
> tasks, which (under some obvious constraints) can be a handy feature.

Yes, I agree. As Dave pointed out on irc yesterday, this patch shows a
very definite whole-container-only point of view which is worth
discussing.

> > 2. kernel freezes tasks
>
> IMHO better to do it in userspace - that way userspace can accomplish
> other tasks while tasks are frozen, such as snapshot the filesystem,
> or block/unblock the network.

That's a good point.

> Is there a good argument to do it kernel ?

Convenience? I guess you don't have to worry about getting your
checkpoint job into a cgroup by itself ahead of time.

> > 3. no objhash taking references
> > 4. no hbuf
> > 5. always require CAP_SYS_ADMIN
>
> I'm now convinced (thanks, Serge!) that it's better not to require
> this unless we strictly have to.

:) Cool. I think the perceived need for it comes, as above, from the
pure checkpoint-a-whole-container-only view. So long as you will
checkpoint/restore a whole container, then you'll end up doing
something requiring privilege anyway. But that is not all of the use
cases.

-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers