Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754736Ab0KERbV (ORCPT ); Fri, 5 Nov 2010 13:31:21 -0400 Received: from mail-ew0-f46.google.com ([209.85.215.46]:38179 "EHLO mail-ew0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754722Ab0KERbT (ORCPT ); Fri, 5 Nov 2010 13:31:19 -0400 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=mCnqhHpqy6b+HAliWmgQiSq89iPJKK67wcXnwW3ZoYzo/aHVUNJw9sM8pS8BajhLDI b8A1xb7Hqtiqe6h8zQIxvB9nACyAbowkep6SAxABc9+92SKSp3ie4US+WcfD7M0nMToH ljsyXCPnq3fTCiEYT3SlPSUZWv673LkZRguqo= MIME-Version: 1.0 In-Reply-To: References: <4CD08419.5050803@kernel.org> <4CD23087.30900@cs.columbia.edu> Date: Fri, 5 Nov 2010 10:31:16 -0700 Message-ID: Subject: Re: [Ksummit-2010-discuss] checkpoint-restart: naked patch From: Sukadev Bhattiprolu To: Kapil Arya Cc: Oren Laadan , Tejun Heo , ksummit-2010-discuss@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Gene Cooperman Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1472 Lines: 30 On Thu, Nov 4, 2010 at 8:55 PM, Kapil Arya wrote: >> * Complexity: they technically implement a virtual pid-namespace in userspace >> by intercepting calls to clone(). I wonder if they consider e.g. pid's saved >> on file owners or in afunix creds ? I'll just say it's nearly impossible with >> their 20K lines of code - I know because I did it in a kernel module ... > > We do wrap clone and create a table from original PID/TID to current PID/TID > just as you say. To our knowledge, we have wrappers for all system calls > involving a PID/TID except fcntl. We are guessing that either Linux C/R also > keeps a translation table or else restores the original PID/TID. Which do you > do? In the latter case what do you do if a PID/TID is already used by another > process/thread? > Like Oren said, we run the application inside the container - which would have its own pid namespace. When we restart, we again create a container, which starts with a fresh pid namespace, so the pids will not be in use. IOW, a process has a virtual pid and a global pid. The virtual pid is what the application sees when it calls getpid() and that pid will be correctly restored when you create the container. Sukadev -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/