Date: Thu, 27 Jun 2013 22:01:38 -0700
From: Tejun Heo
To: Mike Galbraith
Cc: Tim Hockin, Li Zefan, Containers, Cgroups, bsingharora, "dhaval.giani", Kay Sievers, jpoimboe, "Daniel P. Berrange", lpoetter, workman-devel, "linux-kernel@vger.kernel.org"
Subject: Re: cgroup: status-quo and userland efforts
Message-ID: <20130628050138.GD2500@htj.dyndns.org>
In-Reply-To: <1372394950.5989.128.camel@marge.simpson.net>

Hello, Mike.

On Fri, Jun 28, 2013 at 06:49:10AM +0200, Mike Galbraith wrote:
> I always thought that was a very cool feature, mkdir+echo, poof done.
> Now maybe that interface is suboptimal for serious usage, but it makes
> the things usable via dirt simple scripts, very flexible, nice.

Oh, that in itself is not bad. I mean, if you're root, it's pretty easy to play with and that part is fine. But combined with the hierarchical nature of cgroup and file permissions, it encourages people to "delegate" subdirectories to less privileged domains, which in turn leads to normal binaries manipulating them directly, which is where the horror begins.
We end up exposing control knobs which are tightly coupled to kernel implementation details right into lay binaries and scripts directly used by end users.

I think this is the first time this happened, which is probably why nobody really noticed the mess earlier.

Anyways, if you're root, you can keep doing whatever you want. You could be stepping on the centralized agent's toes a bit and vice-versa but I don't think that's gonna be disastrous. What I'm trying to stamp out is direct usages from !root domains and !system-management binaries / scripts. They absolutely have to go. There's no question about it and I'll take totalitarian userland agent any day over the current mess. Eventually, I think we'll be able to reach an equilibrium where most things are reasonable and we'll be exploring the acceptable limits of flexibility again, but right now, please bear with the brutality. We're way over the line and I can't see a way back which isn't gonna sting a bit. I'm and will keep trying to make it as painless as possible.

Thanks!

-- 
tejun
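
Added example (not part of the original message and not kernel or cgroup project code): a read-only audit that walks a cgroup mount and lists the directories and control files that an account outside a trusted set could modify, which is the delegation-by-file-permission pattern the message describes. The default mount point /sys/fs/cgroup, the function name find_delegated and the trusted_uids / trusted_gids parameters are assumptions made for illustration.

```python
import os
import stat
import sys


def find_delegated(root, trusted_uids=frozenset({0}), trusted_gids=frozenset({0})):
    """Return sorted (relative_path, reason) pairs for entries under a cgroup
    mount that an account outside the trusted sets could modify.

    A writable directory lets its holder mkdir child cgroups; a writable
    control file lets it move tasks or change the knob directly.
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        # Check each cgroup directory itself, then the control files in it.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # cgroup was removed while we were walking
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits say nothing about the target
            rel = os.path.relpath(path, root)
            if st.st_uid not in trusted_uids:
                # The owner can chmod, so ownership alone is enough to flag.
                findings.append((rel, "owner uid %d" % st.st_uid))
            elif st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
                findings.append((rel, "group-writable gid %d" % st.st_gid))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed default mount point; pass another path as the first argument.
    mount = sys.argv[1] if len(sys.argv) > 1 else "/sys/fs/cgroup"
    for rel, reason in find_delegated(mount):
        print("%-50s %s" % (rel, reason))
```
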