Serge E. Hallyn wrote:
> Quoting Oren Laadan (or...@cs.columbia.edu):
>>
>> Serge E. Hallyn wrote:
>>> A topic on ksummit agenda is 'containers end-game and how do we
>>> get there'.
>>>
>>> So for starters, looking just at application (and system) containers, what
>>> do the libvirt and liblxc projects want to see in kernel support that is
>>> currently missing?  Are there specific things that should be done soon to
>>> make containers more useful and usable?
>>>
>>> More generally, the topic raises the question... what 'end-games' are there?
>>> A few I can think of off-hand include:
>>>
>>>     1. resource control
>>>     2. lightweight virtual servers
>>>     3. (or 2.5) unprivileged containers/jail-on-steroids
>>>             (lightweight virtual servers in which you might, just
>>>             maybe, almost, be able to give away a root account, at
>>>             least as much as you could do so with a kvm/qemu/xen
>>>             partition)
>>>     4. checkpoint, restart, and migration
>>>
>>> For each end-game, what kernel pieces do we think are missing?  For instance,
>>> people seem agreed that resource control needs io control :)  Containers imo
>>> need a user namespace.  I think there are quite a few network namespace
>>> exploiters who require sysfs directory tagging (or some equivalent) to
>>> allow us to migrate physical devices into network namespaces.  And
>>> checkpoint/restart needs... checkpoint/restart.
>> Heh ... it does need ... checkpoint/restart; and a few issues
>> which we should think about sometime --
> 
> Yup, these are all things we need to discuss.  For some of them we might
> just need to flail about and code a few approaches until we figure out an
> answer, but then I think that everyone has thought about a few of these
> in some detail, so there probably is much we could gain from talking.
> 
> ...  Does this mean we should try to have a mini-summit in the next 6
> months or so?  I'd recommend having one right before kernel summit so
> we can get our act together, but getting everyone to Tokyo to chat seems
> uneconomical :)  It'd be good to chat about at least the first two items
> before the summit, though.
> 

How about Linux Plumbers ?

Oren.

> Maybe after we finish v17, we pick a few of these and try a focused push
> to get answers?
> 
>> * Encapsulation of machine/OS config capabilities
>>    - how to detect (versioning, capabilities) ?
>>    - how to deal with mismatches ?  (bail ? emulate ? hope for the best ?)
>>    - what happens if, e.g. VDSO page changes, or how to detect FPU changes...
>>
>> * Conversion of checkpoint image between kernel versions (and automation)
>>
>> * Network namespaces, mnt namespaces - what's the best approach ?
>>
>> * Security assessment and brainstorming
>>
>> * Appealing use-cases for everyday use:
>>    - for hibernation
>>    - to reboot to new kernel without losing your session
>>    - to time travel back to before you lost in "bejeweled"
>>
>> * Userspace tools - mainly for inspection of checkpoint images
>>
>> * Testing frameworks
>>
>> * Distributed c/r ?
>>
>> * Optimizations: low downtime, pre-copy, post-copy, cow, parallelization
>>
>>
>> Now I really go hide :p
>>
>> Oren.
> 

--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
