Hello, Mike.

On Fri, Jun 28, 2013 at 06:49:10AM +0200, Mike Galbraith wrote:
> I always thought that was a very cool feature, mkdir+echo, poof done.
> Now maybe that interface is suboptimal for serious usage, but it makes
> the things usable via dirt simple scripts, very flexible, nice.

Oh, that in itself is not bad. I mean, if you're root, it's pretty easy to play with and that part is fine. But combined with the hierarchical nature of cgroup and file permissions, it encourages people to "delegate" subdirectories to less privileged domains, which in turn leads to normal binaries manipulating them directly, which is where the horror begins. We end up exposing control knobs which are tightly coupled to kernel implementation details right into lay binaries and scripts directly used by end users.

I think this is the first time this happened, which is probably why nobody really noticed the mess earlier.

Anyways, if you're root, you can keep doing whatever you want. You could be stepping on the centralized agent's toes a bit and vice-versa but I don't think that's gonna be disastrous.

What I'm trying to stamp out is direct usages from !root domains and !system-management binaries / scripts. They absolutely have to go. There's no question about it and I'll take totalitarian userland agent any day over the current mess.

Eventually, I think we'll be able to reach an equilibrium where most things are reasonable and we'll be exploring the acceptable limits of flexibility again, but right now, please bear with the brutality. We're way over the line and I can't see a way back which isn't gonna sting a bit. I'm and will keep trying to make it as painless as possible.

Thanks!

--
tejun
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
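An added example, not part of the original message or of any kernel or cgroup tooling: a small audit that walks a cgroup mount and lists the directories and knob files that file permissions have delegated to non-root accounts, which is the exposure the message describes. The function name, the default mount point `/sys/fs/cgroup` and the trusted uid/gid sets are assumptions made for the example.

```python
import os
import stat
import sys


def find_delegated(root="/sys/fs/cgroup", trusted_uids=frozenset({0}),
                   trusted_gids=frozenset({0})):
    """Return sorted [(path, [reasons])] for every cgroup directory and knob
    file under root that an account outside the trusted sets could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Check the cgroup directory itself (mkdir/rmdir rights), then its knobs.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # cgroup was removed while we were walking
            if stat.S_ISLNK(st.st_mode):
                continue
            reasons = []
            # An untrusted owner can chmod the entry, so ownership alone counts.
            if st.st_uid not in trusted_uids:
                reasons.append("owned by uid %d" % st.st_uid)
            if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
                reasons.append("group-writable by gid %d" % st.st_gid)
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if reasons:
                findings.append((path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: cgroupfs is mounted at /sys/fs/cgroup unless a path is given.
    mount = sys.argv[1] if len(sys.argv) > 1 else "/sys/fs/cgroup"
    for path, reasons in find_delegated(mount):
        print("%s: %s" % (path, "; ".join(reasons)))
```

Every path it prints is a control knob or subtree that something other than root can manipulate directly; an empty result means the hierarchy is only writable by root.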