В Чт, 18/06/2015 в 21:26 +0300, Cyrill Gorcunov пишет: > On Tue, Jun 16, 2015 at 07:51:52PM +0300, Cyrill Gorcunov wrote: > > > > > > If we have any problems because of this, the solution is good. > > > > OK. Gimme sometime (util tomorrow probably) to think of. This issue > > not critical at the moment because we know that we're moving one > > task only (from vzctl). So we can investigate. > > Kirill, you know I think Vladimir's proposal is the best option here. > Yes there is a window when task_ve is not yet updated but ve interface > is special and supposed to be run in a predefined way (ie moving > caller of container's init [read vzctl] should be done in a forkless > manner). So I think we can trade this off for a simplier solution, > right? Also maybe we should add some check for creds thus arbitrary > userspace apps wont be moved here and there. If there some other > way -- please share (rcu for get-exec-env still look woth to add).
Ok, I have no objections. The only thing is we need to carefully use direct task_ve in the future. All current place, where we use it, are safe. Kirill _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel