"J. Bruce Fields" <bfields@xxxxxxxxxxxx> writes: > On Tue, Aug 02, 2016 at 11:00:39AM -0500, Eric W. Biederman wrote: >> Nikolay Borisov <kernel@xxxxxxxx> writes: >> >> > Currently when /proc/locks is read it will show all the file locks >> > which are currently created on the machine. On containers, hosted >> > on busy servers this means that doing lsof can be very slow. I >> > observed up to 5 seconds stalls reading 50k locks, while the container >> > itself had only a small number of relevant entries. Fix it by >> > filtering the locks listed by the pidns of the current process >> > and the process which created the lock. >> >> The locks always confuse me so I am not 100% connecting locks >> to a pid namespace is appropriate. >> >> That said if you are going to filter by pid namespace please use the pid >> namespace of proc, not the pid namespace of the process reading the >> file. > > Oh, that makes sense, thanks. > > What does /proc/mounts use, out of curiosity? The mount namespace that > /proc was originally mounted in? /proc/mounts -> /proc/self/mounts /proc/[pid]/mounts lists mounts from the mount namespace of the appropriate process. That is another way to go but it is a tread carefully thing as changing things that way it is easy to surprise apparmor or selinux rules and be surprised you broke someones userspace in a way that prevents booting. Although I suspect /proc/locks isn't too bad. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers