[Devel] [PATCH v2] ve/fs: add per-VE limit of mount points

2015-11-11 Thread Evgenii Shatokhin
https://jira.sw.ru/browse/PSBM-34438 (This fix was adapted from PCS6.) It is possible for a container to create lots of mount points, which may make operations with them slower. As some of these operations take global locks (namespace_sem, vfsmount_lock), it might affect other containers as well.

Re: [Devel] [PATCH v2] ve/fs: add per-VE limit of mount points

2015-11-11 Thread Stanislav Kinsburskiy
Thanks. That's much better. But maybe we could simplify it even more? Please, take a look at my comments inlined. They allow to reduce impact to generic code even further and simplify future rebasing (which is usually a lot of pain). 11.11.2015 10:33, Evgenii Shatokhin пишет: https://jira.sw.

[Devel] [PATCH rh7] vtty: Don't zap termios fields on slave peer

2015-11-11 Thread Cyrill Gorcunov
These fields are sensitive to userspace so was a copy-paste bug in first place when I defined driver fields (the pty as well as vtty devices have same structure in drivers). Also I defined @chars_in_buffer, @flush_buffer and @resize methods for driver to be close to former pcs6 driver structure.

[Devel] questions on capabilities (PSBM-40837)

2015-11-11 Thread Konstantin Khorenko
https://jira.sw.ru/browse/PSBM-40837 Evgenii Shatokhin added a comment - 09/Nov/15 5:13 PM > Here are the results for the capabilities in the containers. > ... > The following ones do not work (or work only partially) for the users in the container, including root: > * sys_module: loading/unload

Re: [Devel] questions on capabilities (PSBM-40837)

2015-11-11 Thread Konstantin Khorenko
On 11/11/2015 03:30 PM, Konstantin Khorenko wrote: https://jira.sw.ru/browse/PSBM-40837 Evgenii Shatokhin added a comment - 09/Nov/15 5:13 PM > Here are the results for the capabilities in the containers. > ... > The following ones do not work (or work only partially) for the users in the

Re: [Devel] [PATCH rh7] fuse: allow to mount fuse filesystems inside CT

2015-11-11 Thread Konstantin Khorenko
On 11/10/2015 05:56 PM, Andrey Ryabinin wrote: On 11/10/2015 05:52 PM, Stanislav Kinsburskiy wrote: goto err; +if (get_exec_env()->init_cred) +root_user_ns = get_exec_env()->init_cred->user_ns; +else +root_user_ns = &init_user_ns; + We have some helper for th

[Devel] [PATCH RHEL7 COMMIT] ve/acct: Allow process accounting in containers

2015-11-11 Thread Konstantin Khorenko
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-229.7.2.vz7.9.8 --> commit 5683c6b51a4c8a7dc22d5edc7857ad3ff83bb7ed Author: Evgenii Shatokhin Date: Wed Nov 11 18:42:43 2015 +0400 ve/acct: Al

Re: [Devel] [PATCH rhel7] fix userspace if_tun.h compilation

2015-11-11 Thread Konstantin Khorenko
Andrey, please review. -- Best regards, Konstantin Khorenko, Virtuozzo Linux Kernel Team On 11/11/2015 01:00 PM, Vladimir Sementsov-Ogievskiy wrote: Patch b59e089eb2d : "ve/net: introduce TAP accounting" uses IFNAMSIZ in if_tun.h and it can't be compiled in userspace. This patch fixes it and

[Devel] [PATCH RHEL7 COMMIT] ve/autofs: allow /dev/autofs ioctl's in a Container

2015-11-11 Thread Konstantin Khorenko
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-229.7.2.vz7.9.8 --> commit f36c58cad299b1f1ad202ea6b5bc9185b34db80a Author: Stanislav Kinsburskiy Date: Wed Nov 11 18:54:50 2015 +0400 ve/auto

Re: [Devel] [PATCH rh7] fuse: allow to mount fuse filesystems inside CT

2015-11-11 Thread Stanislav Kinsburskiy
11.11.2015 15:40, Konstantin Khorenko пишет: On 11/10/2015 05:56 PM, Andrey Ryabinin wrote: On 11/10/2015 05:52 PM, Stanislav Kinsburskiy wrote: goto err; +if (get_exec_env()->init_cred) +root_user_ns = get_exec_env()->init_cred->user_ns; +else +root_user_ns

[Devel] [PATCH rh7 v2 1/2] ve: introduce ve_init_user_ns() helper

2015-11-11 Thread Andrey Ryabinin
Add new helper ve_init_user_ns() which returns initial namespace for current ve, and use it in do_new_mount() https://jira.sw.ru/browse/PSBM-41075 Signed-off-by: Andrey Ryabinin --- fs/namespace.c | 8 +--- include/linux/ve.h | 9 + kernel/ve/ve.c | 9 + 3 files chan

[Devel] [PATCH rh7 v2 2/2] fuse: allow to mount fuse filesystems inside CT

2015-11-11 Thread Andrey Ryabinin
Currently mounting fuse fs inside CT fails because we don't pass (file->f_cred->user_ns != &init_user_ns) check. Test file's namespace against VE's init_cred->user_ns instead. This allows to use fuse inside containers. https://jira.sw.ru/browse/PSBM-41075 Signed-off-by: Andrey Ryabinin --- fs/f

[Devel] [NEW KERNEL] 3.10.0-229.7.2.vz7.9.9 (rhel7)

2015-11-11 Thread builder
Changelog: OpenVZ kernel rh7-3.10.0-229.7.2.vz7.9.9 * debug kernels are enabled in kernel.spec again * process accounting is enabled for Containers * autofs can be used inside a Container now. Note: CRIU does not support it yet Generated changelog: * Thu Nov 12 2015 Konstantin Khorenko [3.

[Devel] [PATCH rh7] ext4: fix file allocation check in ext4_open_balloon

2015-11-11 Thread Stanislav Kinsburskiy
Function alloc_file() doesn't return NULL. It returns error pointer. File structure allocation may fail before file->f_ep_links is initialized, which may lead to crash in eventpoll_release_file(). https://jira.sw.ru/browse/PSBM-41222 Signed-off-by: Stanislav Kinsburskiy --- fs/ext4/ioctl.c |

Re: [Devel] [PATCH rh7 v2 2/2] fuse: allow to mount fuse filesystems inside CT

2015-11-11 Thread Stanislav Kinsburskiу
I like it. Ack on all set. Sorry for such a silly message. Writing from my phone due to problems with IMAP in my mail client 11 нояб. 2015 г. 17:09 пользователь Andrey Ryabinin написал: > > Currently mounting fuse fs inside CT fails because > we don't pass (file->f_cred->user_ns != &init_user