Serge E. Hallyn wrote: > Quoting Balbir Singh (balbir@xxxxxxxxxxxxxxxxxx): > >> On Tue, Jun 23, 2009 at 8:26 PM, Serge E. Hallyn<serue@xxxxxxxxxx> wrote: >> >>> A topic on ksummit agenda is 'containers end-game and how do we >>> get there'. >>> >>> So for starters, looking just at application (and system) containers, what do >>> the libvirt and liblxc projects want to see in kernel support that is currently >>> missing? Are there specific things that should be done soon to make containers >>> more useful and usable? >>> >>> More generally, the topic raises the question... what 'end-games' are there? >>> A few I can think of off-hand include: >>> >>> 1. resource control >>> >> We intend to hold a io-controller minisummit before KS, we should have >> updates on that front. We also need to discuss CPU hard limits and >> Memory soft limits. We need control for memory large page, mlock, OOM >> notification support, shared page accounting, etc. Eventually on the >> libvirt front, we want to isolate cgroup and lxc support into >> individual components (long term) >> > > Thanks, Balbir. By the last sentence, are you talking about having > cgroup in its own libcgroup, or do you mean something else? > > On the topic of cgroups, does anyone not agree that we should try > to get rid of the ns cgroup, at least once user namespaces can > prevent root in a container from escaping their cgroup? > I agree if there is a compatibility flag to clone the parent when creating a new cgroup, as suggested Paul. Thanks -- Daniel _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
