Re: [PATCH v10 2/9] cpuset: Add new v2 cpuset.sched.domain_root flag
From: Waiman Long <longman@redhat.com>
Date: 2018-06-22 03:00:23
Also in:
linux-doc, lkml
On 06/21/2018 05:20 PM, Peter Zijlstra wrote:
On Thu, Jun 21, 2018 at 03:58:06PM +0800, Waiman Long wrote:quoted
As for the inconsistency between the real root and the container root, this is true for almost all the controllers. So it is a generic problem. One possible solution is to create a kind a pseudo root cgroup for the container that looks and feels like a real root. But is there really a need to do that?I don't really know. I thought the idea was to make containers indistinguishable from a real system. Now I know we're really rather far away from that in reality, and I really have no clue how important all that is.
That will certainly be the ideal.
It all depends on how exactly this works; is it like I assumed, that this file is owned by the parent instead of the current directory? And that if you namespace this, you have an effective read-only file?
Yes, that is right.
Then fixing the inconsistency is trivial; simply provide a read-only file for the actual root cgroup too. And if the solution is trivial, I don't see a good reason not to do it.
Do you mean providing a flag like READONLY_AT_ROOT so that it will be read-only at the real root? That is an cgroup architectural decision that needs input from Tejun. Anyway, this issue is not specific to this patchset and I would like to break it out as a separate discussion independent of this patchset. Cheers, Longman