Re: [PATCH] meminfo: show /proc/meminfo base on container's memcg
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
(2012/05/31 14:02), David Rientjes wrote:
On Thu, 31 May 2012, Kamezawa Hiroyuki wrote:It's not just a memcg issue, it would also be a cpusets issue.I think you can add cpuset.meminfo.It's simple to find the same information by reading the per-node meminfo files in sysfs for each of the allowed cpuset mems. This is why this approach has been nacked in the past, specifically by Paul Jackson when he implemented cpusets.
I don't think there was a discussion of LXC in that era.
The bottomline is that /proc/meminfo is one of many global resource state interfaces and doesn't imply that every thread has access to the full resources. It never has. It's very simple for another thread to consume a large amount of memory as soon as your read() of /proc/meminfo completes and then that information is completely bogus.
Why you need to discuss this here ? We know all information are snapshot.
We also don't want to virtualize every single global resource state interface, it would be never ending.
Just doing one by one. It will end.
Applications that administer memory cgroups or cpusets can get this information very easily, each application within those memory cgroups or cpusets does not need it and should not rely on it: it provides no guarantee about future usage nor notifies the application when the amount of free memory changes.
If so, the admin should have know-how to get the information from the inside of the container. If container is well-isolated, he'll need some trick to get its own cgroup information from the inside of containers. Hmm....maybe need to mount cgroup in the container (again) and get an access to cgroup hierarchy and find the cgroup it belongs to......if it's allowed. I don't want to allow it and disable it with capability or some other check. Another idea is to exchange information by some network connection with daemon in root cgroup, like qemu-ga. And free, top, ....misc applications should support it. It doesn't seem easy. It may be better to think of supporting yet another FUSE procfs, which will work with libvirt in userland if having it in the kernel is complicated. Thanks, -Kame _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
[Cgroups] [Netdev] [Linux Wireless] [Kernel Newbies] [Memory] [Security] [Linux for Hams] [Netfilter] [Bugtraq] [Photo] [Yosemite] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux RAID] [Linux Admin] [Find Someone Nice] [Samba] [Video 4 Linux] [Computer Add-ons]