On Tue, 2019-02-19 at 23:06 +0000, David Howells wrote:
> James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > I thought we got agreement years ago that containers don't exist in
> > Linux as a single entity: they're currently a collection of cgroups
> > and namespaces some of which may and some of which may not be local
> > to the entity the orchestration system thinks of as a "container".
>
> I wasn't party to that agreement and don't feel particularly bound by
> it.

That's not at all relevant, is it? The point is we have widespread uses
of namespaces and cgroups that span containers today meaning that a
"container id" becomes a problematic concept.

What we finally got to with the audit people was an unmodifiable label
which the orchestration system can set ... can't you just use that?

James