Re: [zones-discuss] Default RM controls for Containers?

Mon, 14 May 2007 07:31:54 -0700 

Mads Toftum wrote:

On Fri, May 11, 2007 at 01:44:42PM -0400, Jeff Victor wrote:
I would choose 50%. For >3 zones, 75% doesn't accomplish enough. At 50%, they will (hopefully) investigate the performance issue and be happily surprised when they learn they've been using a default value... 


I'm not too keen to have defaults that could affect performance on
systems running a normal load. As long as it only gets enabled when you

ask for default RM, then I'm not too worried. 


Here we have a difficult non-technical decision to make.  Which is 'better':


1) No "out-of-the-box" controls - the current situation.  The unsuspecting 
zone creator will unwittingly allow DoS attacks by zones until it becomes 
clear that RM controls should be used, either through education or a negative 
experience.  Possible solutions to this include

  A) One "enable-RM" knob which applies defaults that can be overridden
  B) Templates that have default RM controls
  C) Others


2) Out-of-the-box controls: all zones have default RM controls unless the 
creator overrides those controls.  These values would be generous enough to 
prevent DoS attacks and the effects of very badly written software, but not 
affect most workloads, as Mads suggests.  Templates could also be added to 
enable simple RM tuning.




To me, (1) doesn't solve the problem that I think we need to solve.  I am 
trying to protect the first-time and occasional zones creators.  As Jerry 
said, "RM is a requirement for zones."  At the same time, I am trying to 
minimize any impact on normal workloads.



By default zones provide an extremely robust security boundary to protect them 
from each other.  Why do they not also provide some default minimum RM 
isolation, for the same reason?




If we have consensus on the basic idea of "out-of-the-box defaults," I think I 
have seen enough on this thread to draft specifics - modifications to the UI, 
what the defaults would be, etc.  Are we ready for that yet?



Further, if that concept gets far enough, I would like to implement the 
changes as an OpenSolaris community member.  I would need some guidance on the 
process, but can handle the code work.



--------------------------------------------------------------------------
Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org


























					Reply via email to