Message-ID: <7923d4aa646fbe4bd71cfb4144f1c96f28cad972.camel@themaw.net>
Subject: Re: [RFC PATCH 02/27] containers: Implement containers as kernel objects
From: Ian Kent
To: David Howells, keyrings@vger.kernel.org, trond.myklebust@hammerspace.com, sfrench@samba.org, James Bottomley
Cc: linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-fsdevel@vger.kernel.org, rgb@redhat.com, linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, cgroups@vger.kernel.org
Date: Wed, 20 Feb 2019 10:46:24 +0800
In-Reply-To: <155024685321.21651.1504201877881622756.stgit@warthog.procyon.org.uk>
References: <155024683432.21651.14153938339749694146.stgit@warthog.procyon.org.uk>
 <155024685321.21651.1504201877881622756.stgit@warthog.procyon.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 2019-02-15 at 16:07 +0000, David Howells wrote:
> Implement a kernel container object such that it contains the following
> things:
>
>  (1) Namespaces.
>
>  (2) A root directory.
>
>  (3) A set of processes, including one designated as the 'init' process.

Yeah, I think a name other than init needs to be used for this process.

The problem being that there is no requirement for container process 1 to behave in any way like an "init" process is expected to behave and that leads to confusion (at least it certainly did for me).

Admittedly I haven't yet worked through the series but in the light of the comments from James I wanted to chime in (probably too early to be useful not having read the series but ...).

I believe what you're trying to do here is so badly needed it would be great if the needs of James could be met to some (as yet undefined) satisfactory extent.

Would there be any possibility of introducing a concept of inactive and active containers where the creation is a two (maybe more) step procedure, first the creation of (if you like a "true") container that's essentially empty, basically a shell (not the program "shell" of course), inert wrt. events and such and implement the ability to make the container active by adding various things, like processes, to it?

Clearly the concepts of inactive and active require a definition of what they mean and I don't have that, perhaps a starting point could be a container that has a process 1 (which should also require a root fs and namespaces) is active otherwise it's considered inactive.

Ian