Zack's Kernel News

Article from Issue 169/2014

Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.

Extending Containers

Marian Marinov noticed that if he ran multiple containers, they all shared the same process counters. In other words, if two containers used the same user ID and group ID numbers, then processes owned by those IDs, even in completely separate containers, would appear to be owned by the same user. This interfered with his ability to limit process resources on a per-container basis.

This situation caused problems for Marian because his containers were all instantiated from an identical template (hence identical UID and GID numbers) that contained a large number of files for a particular project. Changing the ownership of those files within the running container would be a very time-consuming task, and abandoning his template would require a lot of redesign. He proposed modifying some kernel data structures to isolate each container's user namespace, so the process counters would see them as separate from each other.

Eric W. Biederman replied that the current behavior was actually intentional, and he felt it would be bad to have per-user namespace data structures in the kernel, although he did say that he'd been considering allowing resource limits that would detect the different containers and apply the limits appropriately.

[...]
