Re: [PATCH][BUGFIX] cgroups: fix pid namespace bug

From: Serge E. Hallyn
Date: Thu Jul 02 2009 - 09:27:23 EST


Quoting Li Zefan (lizf@xxxxxxxxxxxxxx):
> Paul Menage wrote:
> > On Wed, Jul 1, 2009 at 7:17 PM, Li Zefan<lizf@xxxxxxxxxxxxxx> wrote:
> >> But I guess we are going to fix the bug for 2.6.31? So is it ok to
> >> merge a new feature 'cgroup.procs' together into 2.6.31?
> >>
> >
> > Does this bug really need to be fixed for 2.6.31? I didn't think that
> > the namespace support in mainline was robust enough yet for people to
> > use them for virtual servers in production environments.

I don't know where the bar is for 'production environments', but I'd
have to claim that pid namespaces are there...

> If so, it's ok for me. Unless someone else has objections. Serge?

Well, on the one hand it's not a horrible bug in that at least it
won't crash the kernel. But what bugs me is that there is no
workaround for userspace, no way for an admin to know that if he
does for t in `cat /cgroup/victim/tasks`; do kill $t; done he
won't kill his mysql server.

I think that's a bad enough risk to make it worth trying to push
Li's patch. Surely changing Ben's procs file should be pretty
trivial to rebase?

thanks,
-serge