Re: [PATCH 00/10] cgroups: Task counter subsystem v8

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 01, 2012 at 11:51:07AM -0800, Andrew Morton wrote:
> On Wed, 1 Feb 2012 19:50:01 +0100
> Frederic Weisbecker <fweisbec@xxxxxxxxx> wrote:
> 
> > On Wed, Feb 01, 2012 at 08:31:26AM -0800, Tejun Heo wrote:
> > > On Wed, Feb 01, 2012 at 04:37:40AM +0100, Frederic Weisbecker wrote:
> > > > Changes In this version:
> > > > 
> > > > - Split 32/64 bits version of res_counter_write_u64() [1/10]
> > > >   Courtesy of Kirill A. Shutemov
> > > > 
> > > > - Added Kirill's ack [8/10]
> > > > 
> > > > - Added selftests [9/10], [10/10]
> > > > 
> > > > Please consider for merging. At least two users want this feature:
> > > 
> > > Has there been further discussion about this approach?  IIRC, we
> > > weren't sure whether this should be merged.
> > 
> > The doubts I have noticed were:
> > 
> > Q: Can't we rather focus on a global solution to fight forkbombs?
> > 
> > If we can find a reliable solution that works in any case and that
> > prevent from any forkbomb to impact the rest of the system then it
> > may be an acceptable solution. But I'm not aware of such feature.
> > 
> > Besides, another point in having this task counter is that we
> > have a per container limit. Assuming all containers are running under
> > the same user, we can protect against a container starving all others
> > with a massive amount of processes close to the NR_PROC rlimit.
> > 
> > Q: Can/should we implement a limitation on the number of "fork" as well?
> >    (as in https://lkml.org/lkml/2011/11/3/233 )
> > 
> > I'm still not sure about why such a thing is needed. Is it really something we
> > want? Why can't the task counter be used instead?
> > 
> > I need more details from the author of this patch. But I doubt we can merge
> > both subsystems, they have pretty different semantics.
> 
> What I struggle with is "is this feature useful enough to warrant
> merging it"?

The reason why I've been working on it is because we need this feature
(at least) for LXC.

Two people from our teams have jumped onto the discussion to express
that they want this feature and why:

https://lkml.org/lkml/2011/12/13/309
https://lkml.org/lkml/2011/12/13/364
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers


[Index of Archives]     [Cgroups]     [Netdev]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux