Message-ID: <1550629220.11684.3.camel@HansenPartnership.com>
Subject: Re: [RFC PATCH 02/27] containers: Implement containers as kernel objects
From: James Bottomley
To: David Howells
Cc: keyrings@vger.kernel.org, trond.myklebust@hammerspace.com,
    sfrench@samba.org, linux-security-module@vger.kernel.org,
    linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
    linux-fsdevel@vger.kernel.org, rgb@redhat.com,
    linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org,
    cgroups@vger.kernel.org
Date: Tue, 19 Feb 2019 18:20:20 -0800
In-Reply-To: <19562.1550617574@warthog.procyon.org.uk>
References: <1550432358.2809.21.camel@HansenPartnership.com>
    <155024683432.21651.14153938339749694146.stgit@warthog.procyon.org.uk>
    <155024685321.21651.1504201877881622756.stgit@warthog.procyon.org.uk>
    <19562.1550617574@warthog.procyon.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2019-02-19 at 23:06 +0000, David Howells wrote:
> James Bottomley wrote:
>
> > I thought we got agreement years ago that containers don't exist in
> > Linux as a single entity: they're currently a collection of cgroups
> > and namespaces some of which may and some of which may not be local
> > to the entity the orchestration system thinks of as a "container".
>
> I wasn't party to that agreement and don't feel particularly bound by
> it.

That's not at all relevant, is it? The point is we have widespread
uses of namespaces and cgroups that span containers today meaning that
a "container id" becomes a problematic concept.

What we finally got to with the audit people was an unmodifiable label
which the orchestration system can set ... can't you just use that?

James