Hi,

Now that we are allowing udev to run in containers, Daniel has noticed that updates to sysfs uevent files will trigger a flurry of activity in all containers on the host. While not a problem with just a few containers, this can severely impact performance with hundreds or more containers. (Daniel, would it be possible for you to get some measurements on host and in a container versus # of active containers, with and without udev? Do you have an otherwise unused machine you could try that on?)

Is there anything we can/should do about this? Two approaches, neither sufficiently thought out yet, would be to generalize the directory tagging currently used for /sys/class/net, and a full-fledged implementation of a device namespace.

The directory tagging would probably only work if we can assign multiple tags to a device, but we could for instance make /sys/block tagged, and really no container probably needs to see /sys/block/sda.

The device namespace would be similar, except I suspect it would not only hide certain devices from certain namespaces, but it would actually virtualize the device major:minor mapping, for checkpoint/restart, so that /dev/sda could be redirected to another device more completely than simply fudging the nodes under /dev.

Comments? Designs? Plans?

thanks,
-serge