On 2/23/12 6:47 PM, KAMEZAWA Hiroyuki wrote:
In a distributed computing environment, a user submits a job to the
cluster job scheduler. The job might involve multiple related
executables and might involve multiple address spaces. But they're
performing one logical task, have a single resource limit enforced by a
cgroup.
They don't have access to each other's VMAs, but if "accidentally" one
of them comes across an uninitialized page with data from another task,
it's not a violation of the security model.
How do you handle shared resouce, file-cache ?
From a security perspective or a resource limit perspective?
Security: all processes in the cgroup run with the same uid and have the
same access to the filesystem. Multiple address spaces in a cgroup can
be thought of as an implementation detail.
Resource limit: We don't have strict enforcement right now. There is a
desire to include everything (file cache, slab memory) in the job's
memory resource limit.
-Arun
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>