Re: [Devel] [PATCH rh7 2/3] memcg: use CFTYPE_NOT_ON_ROOT for memory.low and memory.oom_guarantee

On Tue, May 26, 2015 at 01:36:35PM +0300, Kirill Tkhai wrote: В Пн, 25/05/2015 в 17:05 +0300, Vladimir Davydov пишет: @@ -5222,9 +5219,6 @@ static int mem_cgroup_oom_guarantee_write(struct cgroup *cont, I can't find this function in memcontrol.c. Which series this series goes after?

Re: [Devel] [PATCH rh7 2/3] memcg: use CFTYPE_NOT_ON_ROOT for memory.low and memory.oom_guarantee

В Пн, 25/05/2015 в 17:05 +0300, Vladimir Davydov пишет: This is neater than checking if the root is passed to the write method and this is how it works upstream (for memory.low). Signed-off-by: Vladimir Davydov vdavy...@parallels.com --- mm/memcontrol.c | 8 ++-- 1 file changed, 2

Re: [Devel] [PATCH rh7 2/3] memcg: use CFTYPE_NOT_ON_ROOT for memory.low and memory.oom_guarantee

В Вт, 26/05/2015 в 13:47 +0300, Vladimir Davydov пишет: On Tue, May 26, 2015 at 01:36:35PM +0300, Kirill Tkhai wrote: В Пн, 25/05/2015 в 17:05 +0300, Vladimir Davydov пишет: @@ -5222,9 +5219,6 @@ static int mem_cgroup_oom_guarantee_write(struct cgroup *cont, I can't find this

[Devel] [PATCH rh7 2/2] net: Add rules for autoloading nf_tables

nf_tables is a new netfilter table. Add autoload permittions like we have for {ip,ip6,x}tables. https://jira.sw.ru/browse/PSBM-33631 Signed-off-by: Kirill Tkhai ktk...@odin.com --- kernel/kmod.c | 47 +++ 1 file changed, 47 insertions(+) diff --git

Re: [Devel] [PATCH rh7 1/2] net: Add rules for new {ip, ip6, x}table modules

Cyrill, please, review the series. В Вт, 26/05/2015 в 14:09 +0300, Kirill Tkhai пишет: Here are the modules, which need extended permittions (see module_payload_allowed() for details). https://jira.sw.ru/browse/PSBM-33631 Signed-off-by: Kirill Tkhai ktk...@odin.com --- kernel/kmod.c |

[Devel] [PATCH rh7 1/2] net: Add rules for new {ip, ip6, x}table modules

Here are the modules, which need extended permittions (see module_payload_allowed() for details). https://jira.sw.ru/browse/PSBM-33631 Signed-off-by: Kirill Tkhai ktk...@odin.com --- kernel/kmod.c | 13 + 1 file changed, 13 insertions(+) diff --git a/kernel/kmod.c b/kernel/kmod.c

Re: [Devel] Running Debian 8 Jessie as OpenVZ Hostnode?

On 05/23/2015 12:12 PM, Lope wrote: Hi, I've not been successful trying to install OpenVZ on the current stable version of Debian 8 Jessie. I was able to boot the OpenVZ stab108 kernel on Debian 8 Jessie with SysVinit. However I could not start a container. First it gave an error

[Devel] [PATCH RHEL7 COMMIT] Revert scripts: Delete generated binary files from kernel tree

The commit is pushed to branch-rh7-3.10.0-123.1.2-ovz and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-123.1.2.vz7.5.6 -- commit 9c427a87aa6083367978866348e753f886f9cf50 Author: Konstantin Khorenko khore...@openvz.org Date: Tue May 26 20:09:14 2015 +0400

Re: [Devel] Running Debian 8 Jessie as OpenVZ Hostnode?

On 05/23/2015 02:12 AM, Lope wrote: Hi, I've not been successful trying to install OpenVZ on the current stable version of Debian 8 Jessie. I was able to boot the OpenVZ stab108 kernel on Debian 8 Jessie with SysVinit. However I could not start a container. First it gave an error about

Re: [Devel] [PATCH rh7 2/2] net: Add rules for autoloading nf_tables

On Tue, May 26, 2015 at 02:09:25PM +0300, Kirill Tkhai wrote: nf_tables is a new netfilter table. Add autoload permittions like we have for {ip,ip6,x}tables. https://jira.sw.ru/browse/PSBM-33631 Signed-off-by: Kirill Tkhai ktk...@odin.com Reviewed-by: Cyrill Gorcunov gorcu...@odin.com

[Devel] [patch rh7 1/2] cgroup: mount -- Disable mounting from inside of VE context

Even mounting knowing cgroups (ie ones which already known to VE and been mounted by vzctl or any other tool for containter sake) is not that harmless as it might look like. In particular this introduce additional performance hit. So because we are using bindmount strategy to grant cgorups to VE

Re: [Devel] [PATCH rh7 0/3] memcg: implement oomguarpages

Kirill, please review. -- Best regards, Konstantin Khorenko, Virtuozzo Linux Kernel Team On 05/21/2015 12:50 PM, Vladimir Davydov wrote: This patch set adds memory.oom_guarantee file to memory cgroup which allows to protect a memory cgroup from OOM killer. It works as follows: OOM killer

[Devel] [PATCH RHEL7 COMMIT] bc/vmalloc: zap ub_vmalloc

The commit is pushed to branch-rh7-3.10.0-123.1.2-ovz and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-123.1.2.vz7.5.5 -- commit a850b25e2410426bf4a98d0e5893553d20e17586 Author: Vladimir Davydov vdavy...@parallels.com Date: Tue May 26 18:52:18 2015 +0400

Re: [Devel] [PATCH rh7 0/2] Implement UB_DCACHESIZE stats

Kirill, please review the patch set. -- Best regards, Konstantin Khorenko, Virtuozzo Linux Kernel Team On 05/22/2015 02:08 PM, Vladimir Davydov wrote: See individual patches for more details. Related to https://jira.sw.ru/browse/PSBM-20089 Vladimir Davydov (2): memcg: account dcache

[Devel] [PATCH RHEL7 COMMIT] cpt: Unexport everything CPT-related

The commit is pushed to branch-rh7-3.10.0-123.1.2-ovz and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-123.1.2.vz7.5.5 -- commit 8304c77c69430cd34af8c2a349c90feaa4b3ab08 Author: Vladimir Davydov vdavy...@parallels.com Date: Tue May 26 18:52:26 2015 +0400

Re: [Devel] [PATCH rh7 1/3] memcg: add function to get container's ram size

Kirill, please review the patch set. -- Best regards, Konstantin Khorenko, Virtuozzo Linux Kernel Team On 05/21/2015 06:27 PM, Vladimir Davydov wrote: Sometimes we need to get the ram size of the container the current process belongs to and we cannot open the memory cgroup by name as we

[Devel] [PATCH RHEL7 COMMIT] bc/mm: zap pte_ptrs and same_ub macros

The commit is pushed to branch-rh7-3.10.0-123.1.2-ovz and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-123.1.2.vz7.5.5 -- commit 0fbf24f5927de7e7c9a31e9213ad9975f3aa2adc Author: Vladimir Davydov vdavy...@parallels.com Date: Tue May 26 18:59:12 2015 +0400

[Devel] [patch rh7 2/2] cgroup: Mangle cgroups root from inside of VE view

We're bindmounting cgroups for container so if say a container is having CTID=200 then @cgroups and @mountinfo output will contain /200 as a root. Which makes Docker to lookup for appropriate directory inside /sys/fs/cgroup/controller which of course not present because of been bindmounted from

Re: [Devel] Any plans about overlayfs support for Docker?

On 05/24/2015 02:24 PM, Pavel Odintsov wrote: Hello, folks! I inspired with Docker support inside containers so much! It works perfectly. But I can't find any articles regarding to OverlayFS support there. Do you have any plans about OverlayFS

[Devel] [PATCH RHEL7 COMMIT] ub: zap ub_reclaim_rate_limit

The commit is pushed to branch-rh7-3.10.0-123.1.2-ovz and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-123.1.2.vz7.5.5 -- commit 0c76a2a4e0e69827c118d5859001167ee231b925 Author: Vladimir Davydov vdavy...@parallels.com Date: Tue May 26 18:46:19 2015 +0400

[Devel] [patch rh7 0/2] Disable mount cgroups from inside of VE and mangle cgroup root paths

Please take a look, thanks. ___ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH RHEL7 COMMIT] bc/mm: zap page-{slab_ubs,kmem_ub}

The commit is pushed to branch-rh7-3.10.0-123.1.2-ovz and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-123.1.2.vz7.5.5 -- commit 3e695c5023b8e1a6f2ac61a1e94ffcbd7b897fa3 Author: Vladimir Davydov vdavy...@parallels.com Date: Tue May 26 18:00:24 2015 +0400

[Devel] [PATCH RHEL7 COMMIT] mm/shmem: unexport shmem_file_operations

The commit is pushed to branch-rh7-3.10.0-123.1.2-ovz and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-123.1.2.vz7.5.5 -- commit 25d45a76a884735ac2530bfe4d027ddfaddd1a9b Author: Vladimir Davydov vdavy...@parallels.com Date: Tue May 26 18:00:31 2015 +0400

Re: [Devel] [PATCH rh7 1/2] net: Add rules for new {ip, ip6, x}table modules

On Tue, May 26, 2015 at 02:09:14PM +0300, Kirill Tkhai wrote: Here are the modules, which need extended permittions (see module_payload_allowed() for details). https://jira.sw.ru/browse/PSBM-33631 Signed-off-by: Kirill Tkhai ktk...@odin.com Reviewed-by: Cyrill Gorcunov gorcu...@odin.com