On Wed, Jun 17, 2015 at 11:34:32AM +0300, Konstantin Khorenko wrote:
Ok, this is a followup on this:
a) currently we don't know real usecase when privileged Docker CT is required
inside a VZ CT
(except for Docker tests). So in case someone knows such a usecase -
please share.
b)
On 06/10/2015 12:28 AM, Konstantin Khorenko wrote:
On 06/09/2015 10:39 PM, Pavel Emelyanov wrote:
On 06/09/2015 01:42 PM, Pavel Tikhomirov wrote:
Pasha, please consider
We have ~4 ways:
1) Virtualize mounting cgroups in PCS7CT
+docker test will be happy and all docker-in-docker thing
-we
On Wed, Jun 17, 2015 at 12:06:11PM +0300, Konstantin Khorenko wrote:
So the idea behind is to continue blocking mounting of cgroups inside ve?
In longterm - yes.
The CRIU issue is to handled either via restoring state or
(which i like much more) to create venet directly via netlink.
OK,
On 06/17/2015 12:15 PM, Cyrill Gorcunov wrote:
On Wed, Jun 17, 2015 at 12:06:11PM +0300, Konstantin Khorenko wrote:
So the idea behind is to continue blocking mounting of cgroups inside ve?
In longterm - yes.
The CRIU issue is to handled either via restoring state or
(which i like much more)
On 06/17/2015 11:44 AM, Cyrill Gorcunov wrote:
On Wed, Jun 17, 2015 at 11:34:32AM +0300, Konstantin Khorenko wrote:
Ok, this is a followup on this:
a) currently we don't know real usecase when privileged Docker CT is
required inside a VZ CT
(except for Docker tests). So in case someone
On Tue, Jun 09, 2015 at 12:17:59PM +0300, Pavel Tikhomirov wrote:
On 06/09/2015 11:51 AM, Cyrill Gorcunov wrote:
On Tue, Jun 09, 2015 at 11:48:18AM +0300, Pavel Tikhomirov wrote:
Docker tests create two level docker containers hierarchy, and they need to
mount cgroups on the first level to
On 06/09/2015 11:51 AM, Cyrill Gorcunov wrote:
On Tue, Jun 09, 2015 at 11:48:18AM +0300, Pavel Tikhomirov wrote:
Docker tests create two level docker containers hierarchy, and they need to
mount cgroups on the first level to control containers of second level. Is
it safe to re-revert this
On Tue, Jun 09, 2015 at 11:48:18AM +0300, Pavel Tikhomirov wrote:
Docker tests create two level docker containers hierarchy, and they need to
mount cgroups on the first level to control containers of second level. Is
it safe to re-revert this patch to allow docker test(unit,integration-cli)
Docker tests create two level docker containers hierarchy, and they need
to mount cgroups on the first level to control containers of second
level. Is it safe to re-revert this patch to allow docker
test(unit,integration-cli) mount cgroups?
On 05/26/2015 06:00 PM, Cyrill Gorcunov wrote:
--
Pasha, please consider
We have ~4 ways:
1) Virtualize mounting cgroups in PCS7CT
+docker test will be happy and all docker-in-docker thing
-we don't want patch kernel for it and thus have a lot of non-mainline code
2) We can patch docker tests to make bindmounts from CT to DockerCT
instead of
On 06/09/2015 01:42 PM, Pavel Tikhomirov wrote:
Pasha, please consider
We have ~4 ways:
1) Virtualize mounting cgroups in PCS7CT
+docker test will be happy and all docker-in-docker thing
-we don't want patch kernel for it and thus have a lot of non-mainline code
2) We can patch docker
On 06/09/2015 10:39 PM, Pavel Emelyanov wrote:
On 06/09/2015 01:42 PM, Pavel Tikhomirov wrote:
Pasha, please consider
We have ~4 ways:
1) Virtualize mounting cgroups in PCS7CT
+docker test will be happy and all docker-in-docker thing
-we don't want patch kernel for it and thus have a lot
On Fri, May 29, 2015 at 11:09:41AM +0300, Vladimir Davydov wrote:
On Tue, May 26, 2015 at 06:00:51PM +0300, Cyrill Gorcunov wrote:
Even mounting knowing cgroups (ie ones which already known to VE and
been mounted by vzctl or any other tool for containter sake) is not
that harmless as it
On Tue, May 26, 2015 at 06:00:51PM +0300, Cyrill Gorcunov wrote:
Even mounting knowing cgroups (ie ones which already known to VE and
been mounted by vzctl or any other tool for containter sake) is not
that harmless as it might look like. In particular this introduce
additional performance
Even mounting knowing cgroups (ie ones which already known to VE and
been mounted by vzctl or any other tool for containter sake) is not
that harmless as it might look like. In particular this introduce
additional performance hit. So because we are using bindmount
strategy to grant cgorups to VE
15 matches
Mail list logo