[Devel] [RFC 0/4] net namespace for PPP

2009-01-09 Thread Cyrill Gorcunov
Hi, here is a series of RFC in attempt to implement net-namespaces for PPP protocol (including PPPoE and PPPoL2TP). I would really appreciate _any_ kind of comments. Really doubt if there is no bugs in my implementation but it's RFC after all. Mostly -compile- tested so it requires strong review.

[Devel] [RFC 3/4] net: pppol2tp - introduce net-namespace functionality

2009-01-09 Thread Cyrill Gorcunov
-namespace too otherwise explicit check for &init_net would be needed. CC: James Chapman Signed-off-by: Cyrill Gorcunov --- drivers/net/pppol2tp.c | 164 - drivers/net/pppox.c|4 - 2 files changed, 121 insertions(+), 47 deletions(-) I

[Devel] [RFC 1/4] net: pppoe - code cleanup and helpers

2009-01-09 Thread Cyrill Gorcunov
- Introduce PPPOE_HASH_MASK. - Remove redundant declaration of pppoe_chan_ops. - Introduce stage_session helper. - Tabs, space, long-line-split cleanup. CC: Michal Ostrowski Signed-off-by: Cyrill Gorcunov --- drivers/net/pppoe.c | 167 ++-- 1

[Devel] [RFC 2/4] net: pppoe - introduce net-namespace functionality

2009-01-09 Thread Cyrill Gorcunov
contends (especially in SMP environment). - pppox code allows to create per-namespace sockets for PX_PROTO_OE protocol only (since at this moment support for pppol2tp net-namespace is not implemented yet). CC: Michal Ostrowski Signed-off-by: Cyrill Gorcunov --- drivers/net/pppoe.c | 383

[Devel] [RFC 4/4] net: ppp_generic - introduce net-namespace functionality

2009-01-09 Thread Cyrill Gorcunov
- Each namespace contain ppp channels and units separately with appropriate locks CC: Paul Mackerras Signed-off-by: Cyrill Gorcunov --- drivers/net/ppp_generic.c | 242 +- 1 file changed, 175 insertions(+), 67 deletions(-) Index: linux-2.6.git

[Devel] Re: [RFC 0/4] net namespace for PPP

2009-01-09 Thread Cyrill Gorcunov
[Cyrill Gorcunov - Fri, Jan 09, 2009 at 10:51:54PM +0300] | Hi, | | here is a series of RFC in attempt to implement | net-namespaces for PPP protocol (including PPPoE | and PPPoL2TP). | | I would really appreciate _any_ kind of comments. | Really doubt if there is no bugs in my implementation

[Devel] Re: [RFC 4/4] net: ppp_generic - introduce net-namespace functionality

2009-01-10 Thread Cyrill Gorcunov
[Cyrill Gorcunov - Fri, Jan 09, 2009 at 10:51:58PM +0300] | - Each namespace contain ppp channels and units separately | with appropriate locks | | CC: Paul Mackerras | Signed-off-by: Cyrill Gorcunov ... Please ignore this one -- I forgot to update ppp_init while was porting the patch. Will

[Devel] Re: [RFC 4/4] net: ppp_generic - introduce net-namespace functionality

2009-01-10 Thread Cyrill Gorcunov
[Cyrill Gorcunov - Sat, Jan 10, 2009 at 12:22:58PM +0300] | [Cyrill Gorcunov - Fri, Jan 09, 2009 at 10:51:58PM +0300] | | - Each namespace contain ppp channels and units separately | | with appropriate locks | | | | CC: Paul Mackerras | | Signed-off-by: Cyrill Gorcunov | ... | | Please

[Devel] Re: [RFC 3/4] net: pppol2tp - introduce net-namespace functionality

2009-01-10 Thread Cyrill Gorcunov
[James Chapman - Sat, Jan 10, 2009 at 11:06:08AM +] | Cyrill Gorcunov wrote: | > - Each tunnel and appropriate lock are inside own namespace now. | > - pppox code allows to create per-namespace sockets for | > both PX_PROTO_OE and PX_PROTO_OL2TP protocols. Actually since

[Devel] Re: [RFC 3/4] net: pppol2tp - introduce net-namespace functionality

2009-01-10 Thread Cyrill Gorcunov
[Cyrill Gorcunov - Sat, Jan 10, 2009 at 02:13:59PM +0300] | [James Chapman - Sat, Jan 10, 2009 at 11:06:08AM +] | | Cyrill Gorcunov wrote: | | > - Each tunnel and appropriate lock are inside own namespace now. | | > - pppox code allows to create per-namespace sockets for | | &g

[Devel] Re: [RFC 3/4] net: pppol2tp - introduce net-namespace functionality

2009-01-10 Thread Cyrill Gorcunov
[James Chapman - Sat, Jan 10, 2009 at 03:05:13PM +] | Cyrill Gorcunov wrote: | > [Cyrill Gorcunov - Sat, Jan 10, 2009 at 02:13:59PM +0300] | > | [James Chapman - Sat, Jan 10, 2009 at 11:06:08AM +] | > | | Cyrill Gorcunov wrote: | > | | > - Each tunnel and appropriate lock

[Devel] Re: [RFC 3/4] net: pppol2tp - introduce net-namespace functionality

2009-01-10 Thread Cyrill Gorcunov
[Cyrill Gorcunov - Sat, Jan 10, 2009 at 06:19:58PM +0300] | [James Chapman - Sat, Jan 10, 2009 at 03:05:13PM +] | | Cyrill Gorcunov wrote: | | > [Cyrill Gorcunov - Sat, Jan 10, 2009 at 02:13:59PM +0300] | | > | [James Chapman - Sat, Jan 10, 2009 at 11:06:08AM +] | | > | | Cyrill

[Devel] Re: [RFC 3/4] net: pppol2tp - introduce net-namespace functionality

2009-01-10 Thread Cyrill Gorcunov
[James Chapman - Sat, Jan 10, 2009 at 06:14:33PM +] | Cyrill Gorcunov wrote: | > [Cyrill Gorcunov - Sat, Jan 10, 2009 at 06:19:58PM +0300] | > | [James Chapman - Sat, Jan 10, 2009 at 03:05:13PM +] | > | | Cyrill Gorcunov wrote: | > | | > [Cyrill Gorcunov - Sat, Jan 10, 200

[Devel] Re: [RFC 4/4] net: ppp_generic - introduce net-namespace functionality

2009-01-10 Thread Cyrill Gorcunov
[Paul Mackerras - Sun, Jan 11, 2009 at 11:33:21AM +1100] | Cyrill Gorcunov writes: | | > From: Cyrill Gorcunov | > Subject: [RFC] net: ppp_generic - introduce net-namespace functionality | > | > - Each namespace contain ppp channels and units separately | > with appropriate

[Devel] Re: [RFC 4/4] net: ppp_generic - introduce net-namespace functionality

2009-01-11 Thread Cyrill Gorcunov
[Cyrill Gorcunov - Sun, Jan 11, 2009 at 10:46:52AM +0300] | [Paul Mackerras - Sun, Jan 11, 2009 at 11:33:21AM +1100] | | Cyrill Gorcunov writes: | | | | > From: Cyrill Gorcunov | | > Subject: [RFC] net: ppp_generic - introduce net-namespace functionality | | > | | > - Each namespace

[Devel] Re: [RFC 0/4] net namespace for PPP

2009-01-11 Thread Cyrill Gorcunov
[Alexey Dobriyan - Mon, Jan 12, 2009 at 12:27:00AM +0300] | On Fri, Jan 09, 2009 at 10:51:54PM +0300, Cyrill Gorcunov wrote: | > here is a series of RFC in attempt to implement | > net-namespaces for PPP protocol (including PPPoE | > and PPPoL2TP). | | You need assign netns to netdev

[Devel] [PATCH 0/5] ppp, pppoe, pppol2tp -- introduce namespace functionality v2

2009-01-20 Thread Cyrill Gorcunov
Hi, here is a series of patches in hope to bring net-namespace functionality for PPP, PPPoE, PPPoL2TP protocols. I've tested plain PPP virtualization and it worked for me. Quite many thanks to James Chapman who was testing PPPoL2TP for me, thanks a lot again James! Please review and test if possib

[Devel] [PATCH 3/5] net: pppol2tp - introduce net-namespace functionality

2009-01-20 Thread Cyrill Gorcunov
-namespace too otherwise explicit check for &init_net would be needed. CC: James Chapman Signed-off-by: Cyrill Gorcunov --- drivers/net/pppol2tp.c | 160 +++-- drivers/net/pppox.c|4 - 2 files changed, 117 insertions(+), 47 deletions(-) I

[Devel] [PATCH 5/5] net: pppoe, pppol2tp - register channels with explicit net

2009-01-20 Thread Cyrill Gorcunov
In PPPo[E|L2TP] we could explicitly point which net namespace we're going to use for channels - make it so. CC: James Chapman CC: Michal Ostrowski Signed-off-by: Cyrill Gorcunov --- drivers/net/pppoe.c|2 +- drivers/net/pppol2tp.c |2 +- 2 files changed, 2 insertions(

[Devel] [PATCH 4/5] net: ppp_generic - introduce net-namespace functionality v2

2009-01-20 Thread Cyrill Gorcunov
- Each namespace contains ppp channels and units separately with appropriate locks CC: Paul Mackerras Signed-off-by: Cyrill Gorcunov --- drivers/net/ppp_generic.c | 275 +++- include/linux/ppp_channel.h |4 2 files changed, 202 insertions

[Devel] [PATCH 2/5] net: pppoe - introduce net-namespace functionality

2009-01-20 Thread Cyrill Gorcunov
contends (especially in SMP environment). - pppox code allows to create per-namespace sockets for PX_PROTO_OE protocol only (since at this moment support for pppol2tp net-namespace is not implemented yet). CC: Michal Ostrowski Signed-off-by: Cyrill Gorcunov --- drivers/net/pppoe.c | 377

[Devel] Re: [PATCH 0/5] ppp,pppoe,pppol2tp -- introduce namespace functionality v2

2009-01-20 Thread Cyrill Gorcunov
[Cyrill Gorcunov - Tue, Jan 20, 2009 at 05:05:10PM +0300] | Hi, here is a series of patches in hope to bring | net-namespace functionality for PPP, PPPoE, PPPoL2TP | protocols. | | I've tested plain PPP virtualization and it worked | for me. Quite many thanks to James Chapman who | was te

[Devel] [PATCH 1/5] net: pppoe - code cleanup and helpers

2009-01-20 Thread Cyrill Gorcunov
- Introduce PPPOE_HASH_MASK. - Remove redundant declaration of pppoe_chan_ops. - Introduce stage_session helper. - Tabs, space, long-line-split cleanup. CC: Michal Ostrowski Signed-off-by: Cyrill Gorcunov --- drivers/net/pppoe.c | 167 ++-- 1

[Devel] Re: [PATCH 5/5] net: pppoe, pppol2tp - register channels with explicit net

2009-01-20 Thread Cyrill Gorcunov
[James Chapman - Tue, Jan 20, 2009 at 09:56:32PM +] | Cyrill Gorcunov wrote: | > In PPPo[E|L2TP] we could explicitly point which net namespace | > we're going to use for channels - make it so. | > | > CC: James Chapman | > CC: Michal Ostrowski | > Signed-off-by: Cyr

[Devel] Re: v2.6.26-rc7/cgroups: circular locking dependency

2008-06-25 Thread Cyrill Gorcunov
[Vegard Nossum - Sat, Jun 21, 2008 at 07:38:59PM +0200] | Hi, | | I decided to see what cgroups is all about, and followed the instructions | in Documentation/cgroups.txt :-) It happened when I did this: | | [EMAIL PROTECTED] /dev/cgroup/Vegard 0] | # echo 1 > cpuset.cpus | | I can also

[Devel] Re: v2.6.26-rc7/cgroups: circular locking dependency

2008-06-25 Thread Cyrill Gorcunov
[KOSAKI Motohiro - Mon, Jun 23, 2008 at 12:34:04AM +0900] | CC'ed Paul Jackson | | it seems typical ABBA deadlock. | I think cpuset use cgrou_lock() by mistake. | | IMHO, cpuset_handle_cpuhp() shouldn't use cgroup_lock() and | shouldn't call rebuild_sched_domains(). | | | -> #1 (cgroup_mutex){-

[Devel] Re: v2.6.26-rc7/cgroups: circular locking dependency

2008-06-25 Thread Cyrill Gorcunov
[Vegard Nossum - Sun, Jun 22, 2008 at 11:42:50AM +0200] | On Sun, Jun 22, 2008 at 11:10 AM, Cyrill Gorcunov <[EMAIL PROTECTED]> wrote: | > [Vegard Nossum - Sat, Jun 21, 2008 at 07:38:59PM +0200] | > | === | > | [ INFO: possible c

[Devel] Re: [RFC v17][PATCH 52/60] c/r: support semaphore sysv-ipc

2009-07-22 Thread Cyrill Gorcunov
[Oren Laadan - Wed, Jul 22, 2009 at 06:00:14AM -0400] ... | +static struct sem *restore_sem_array(struct ckpt_ctx *ctx, int nsems) | +{ | + struct sem *sma; | + int i, ret; | + | + sma = kmalloc(nsems * sizeof(*sma), GFP_KERNEL); Forgot to if (!sma) return -ENO

Re: [Devel] [PATCH] proc: check vma->vm_file before dereferencing

2012-11-26 Thread Cyrill Gorcunov
On Mon, Oct 15, 2012 at 07:30:03PM +0400, Stanislav Kinsbursky wrote: > It can be equal to NULL. > > Signed-off-by: Stanislav Kinsbursky Acked-by: Cyrill Gorcunov Thanks, Stas! ___ Devel mailing list Devel@openvz.org http://lists.openvz.or

Re: [Devel] [PATCH] proc: check vma->vm_file before dereferencing

2012-11-26 Thread Cyrill Gorcunov
On Mon, Oct 15, 2012 at 02:40:48PM -0700, Andrew Morton wrote: > On Mon, 15 Oct 2012 19:30:03 +0400 > Stanislav Kinsbursky wrote: > > > It can be equal to NULL. > > > > Please write better changelogs, so people do not have to ask questions > such as: > > - Under what conditions does this bug t

[Devel] [patch rh7 0/3] Ripping off cgroups virtualization

2015-04-29 Thread Cyrill Gorcunov
The new concept is to provide bindmounted cgroups from the node to the container with user-space help (vzctl/prctl) thus we at least for now don't need cgroups virtualization which makes code a way more complex to read. If for some unlikely reason we would need to virtualize them back it should b

[Devel] [patch rh7 2/3] cgroups: Drop @self_destruction

2015-04-29 Thread Cyrill Gorcunov
It was introduced for cgroups management simplification, assuming that it's up to the kernel to create and autodestroy cgroup. With time it evolves that it's up to userspace tools to create and destroy cgroups, thus @self_destruction no longer needed and we drop it off. Signed-off-

[Devel] [patch rh7 3/3] cgroups: Drop per-cgroup release_agent code

2015-04-29 Thread Cyrill Gorcunov
It was introduced for cgroups virtualization but since we use bindmounts, lets drop it and step back to native per-root @release_agent_path. Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- include/linux/cgroup.h |6

[Devel] [patch rh7 1/3] cgroups: Drop virtualization code

2015-04-29 Thread Cyrill Gorcunov
o need to hide /proc/cgroups in VE, there is no sensible info present. Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- include/linux/cgroup.h |3 - kernel/cgroup.c| 116 --

[Devel] [PATCH rh7] venet: Don't kill venet0 on the node

2015-05-01 Thread Cyrill Gorcunov
/PSBM-33281 Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Andrey Vagin --- drivers/net/venetdev.c |4 1 file changed, 4 insertions(+) Index: linux-pcs7.git/drivers/net/venetdev.c

Re: [Devel] [Q rh7] ve.legacy_veid

2015-05-05 Thread Cyrill Gorcunov
On Tue, May 05, 2015 at 03:48:12PM +0300, Vladimir Davydov wrote: > > 3. Do not remove cgroups on container stop. Only remove them on > container destruction. > > Personally, I would vote for #3 as the least intrusive way. Cgroup > directories are not that fat to purge them on each CT stop, IMO.

[Devel] [PATCH rh7] cgroups: Drop virtualization code, v2

2015-05-05 Thread Cyrill Gorcunov
up::cgroup_ve member is needed because we're using it all over the code Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- I'll need to drop off cgroup 0 as well, but this gonna be addressed in another patch. I'

[Devel] [patch rh7 2/2] ve: ioctls -- call put_ve in real_env_create

2015-05-05 Thread Cyrill Gorcunov
edunt get_ve here so call put one for balance. Found when been hunting another bug. Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- kernel/ve/vecalls.c |1 - 1 file changed, 1 deletion(-) Index: linux-pcs

[Devel] [patch rh7 0/2] cgroup devices and put_ve fixes

2015-05-05 Thread Cyrill Gorcunov
These two are living in my queue for too long so please take a look. cgroup devices fix I've been sending already, but some time ago I fear it drowned in emails. Please take a look, thanks. Cyrill

[Devel] [patch rh7 1/2] cgroup: devices -- Modify exception list for docker sake

2015-05-05 Thread Cyrill Gorcunov
ote the vanilla kernel no longer has any can_attach helper, but to make the patch smaller lets keep it. ns_capable should be enough for security, after all the user in container may attach own tasks only. v3: - Use nsown_capable. Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Kons

Re: [Devel] [PATCH rh7] cgroups: Drop virtualization code, v2

2015-05-06 Thread Cyrill Gorcunov
On Tue, May 05, 2015 at 07:54:37PM +0300, Cyrill Gorcunov wrote: > Here we rip off all the virtualization code we introduced into kernel to > behave close to rhel6. > > -static void ve_offline(struct cgroup *cg) > -{ > - struct ve_struct *ve = cgroup_ve(cg); > -

[Devel] [PATCH rh7] cgroups: Drop virtualization code, v3

2015-05-06 Thread Cyrill Gorcunov
up::cgroup_ve member is needed because we're using it all over the code v3: - move back ve_offline, we need to free ve id Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- include/linux/cgroup.h | 15 --- include

[Devel] [PATCH rh7 v4] cgroup: devices -- Modify exception list for docker sake

2015-05-06 Thread Cyrill Gorcunov
nilla kernel has no cap test in devcgroup_can_attach (neither it has this helper), while nsown_capable looks like be too relaxed. So I think we could use plain capable() as we do in PCS6 kernel same time requiring CAP_VE_SYS_ADMIN to present inside container. Signed-off-by: Cyri

Re: [Devel] [PATCH rh7] cgroups: Drop virtualization code, v3

2015-05-06 Thread Cyrill Gorcunov
On Wed, May 06, 2015 at 08:04:02PM +0300, Vladimir Davydov wrote: > On Wed, May 06, 2015 at 11:57:08AM +0300, Cyrill Gorcunov wrote: > > Here we rip off all the virtualization code we introduced into kernel to > > behave close to rhel6. > > > > Because we're tr

Re: [Devel] [PATCH rh7] cgroups: Drop virtualization code, v3

2015-05-06 Thread Cyrill Gorcunov
On Wed, May 06, 2015 at 08:04:02PM +0300, Vladimir Davydov wrote: > > > > - still cgroup::cgroup_ve member is needed because we're using it > >all over the code > > Where do we use it? I think you're mixing it up with the cgroup_ve() > macro, which has nothing to do with the ->cgroup_ve cgro

[Devel] [PATCH rh7] cgroups: Drop virtualization code, v4

2015-05-07 Thread Cyrill Gorcunov
roblems if ever - drop cgroup::cgroup_ve member, no longer used - drop unused cgroup_kernel_destory Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- include/linux/cgroup.h | 17 --- include/linux/ve.h |1 kernel/bc/

Re: [Devel] [patch rh7 2/2] ve: ioctls -- call put_ve in real_env_create

2015-05-07 Thread Cyrill Gorcunov
On Tue, May 05, 2015 at 08:02:08PM +0300, Cyrill Gorcunov wrote: > Our cgroups based VE's already carrying own reference > so here we should call for put_ve, otherwise it gonna > be hanging around. > > p.s. I didn't hit any problem with it yet because we're > operat

Re: [Devel] [PATCH rh7] cgroups: Drop virtualization code, v4

2015-05-07 Thread Cyrill Gorcunov
On Thu, May 07, 2015 at 11:32:26AM +0300, Vladimir Davydov wrote: > On Thu, May 07, 2015 at 10:51:16AM +0300, Cyrill Gorcunov wrote: > > Index: linux-pcs7.git/kernel/cgroup.c > > === > > --- linux-pcs7.git

Re: [Devel] [patch rh7 2/2] ve: ioctls -- call put_ve in real_env_create

2015-05-07 Thread Cyrill Gorcunov
On Thu, May 07, 2015 at 11:44:31AM +0300, Vladimir Davydov wrote: > > > > Index: linux-pcs7.git/kernel/ve/vecalls.c > > === > > --- linux-pcs7.git.orig/kernel/ve/vecalls.c > > +++ linux-pcs7.git/kernel/ve/vecalls.c > > @@ -588,7 +588,

Re: [Devel] [PATCH rh7] cgroups: Drop virtualization code, v4

2015-05-07 Thread Cyrill Gorcunov
On Thu, May 07, 2015 at 11:59:54AM +0300, Vladimir Davydov wrote: > > > > > > So we are not allowed to create new cgroup hierarchies from a container, > > > but we still can mount existing ones? If so, I think we should forbid > > > this either. > > > > Yes existing ones are not forbidden. I'm no

Re: [Devel] [PATCH rh7] cgroups: Drop virtualization code, v4

2015-05-07 Thread Cyrill Gorcunov
On Thu, May 07, 2015 at 12:03:09PM +0300, Konstantin Khorenko wrote: > Please fix as well unused variable "struct cgroup *cgrp;" in ve_offline(). > Sure.

Re: [Devel] [PATCH rh7] cgroups: Drop virtualization code, v4

2015-05-07 Thread Cyrill Gorcunov
On Thu, May 07, 2015 at 12:12:37PM +0300, Cyrill Gorcunov wrote: > > > > > > At moment we don't, but looks like we need to add some check if > > > cgroup been modified is not a top one when write happens from > > > inside of container maybe? > >

Re: [Devel] [PATCH rh7] cgroups: Drop virtualization code, v4

2015-05-07 Thread Cyrill Gorcunov
On Thu, May 07, 2015 at 01:17:27PM +0300, Vladimir Davydov wrote: > > We're creating cgroups for container on ve0 but bindmount them > > from inside of container, thus on userspace level (via config file) > > we can setup which cgroups are allowed for use. Still we're not > > limiting anyhow creati

Re: [Devel] [PATCH rh7] cgroups: Drop virtualization code, v4

2015-05-07 Thread Cyrill Gorcunov
On Thu, May 07, 2015 at 01:45:35PM +0300, Vladimir Davydov wrote: > > > > So maybe we should limit the number of nested cgroups in container? > > There is root->number_of_cgroups maybe we should setup some limit > > on ve config. > > The more parameters we have the worse. What should be a default

[Devel] [PATCH rh7] cgroups: Drop virtualization code, v5

2015-05-07 Thread Cyrill Gorcunov
iner to run (probably we will need more control here for "restore" via CRIU case, hasn't investigated it yet) - drop redundant @cgrp from ve_offline Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- i

Re: [Devel] [PATCH rh7 2/2] ub: drop host node

2015-05-08 Thread Cyrill Gorcunov
> systemd. > > Signed-off-by: Vladimir Davydov Acked-by: Cyrill Gorcunov Thank you!

Re: [Devel] [PATCH rh7 1/2] fairsched: drop host node

2015-05-08 Thread Cyrill Gorcunov
via systemd. > > Signed-off-by: Vladimir Davydov Acked-by: Cyrill Gorcunov

Re: [Devel] fairsched: drop host node

2015-05-11 Thread Cyrill Gorcunov
On Mon, May 11, 2015 at 03:02:13PM +0300, Sergey Korshunoff wrote: > > The fairsched host node, i.e. cpu/cpuset cgroup /0, conflicts with > > systemd: the latter moves all processes out of it and even tries to > > delete it. To make it work as expected we should create /0 from the > > userspace via

[Devel] [PATCH rh7] net: Don't nillify ve::ve_netns of ve0 on net exit

2015-05-13 Thread Cyrill Gorcunov
attempts to call unshare on ve0 to fail. Signed-off-by: Cyrill Gorcunov CC: Andrew Vagin --- net/core/net_namespace.c |6 +- 1 file changed, 5 insertions(+), 1 deletion(-) Index: linux-pcs7.git/net/core/net_namespace.c === -

Re: [Devel] [PATCH rh7] net: Don't nillify ve::ve_netns of ve0 on net exit

2015-05-13 Thread Cyrill Gorcunov
On Wed, May 13, 2015 at 06:07:35PM +0300, Cyrill Gorcunov wrote: > When net-exit routine executes we zap ve::ve_netns member > but we should not nillify ve0::init_net, it's permanent one. > > https://jira.sw.ru/browse/PSBM-33480 > > p.s.: When net unsharing happens on ve0

[Devel] [PATCH rh7] net: Don't nillify ve::ve_netns of ve0 on net exit, v2

2015-05-13 Thread Cyrill Gorcunov
attempts to call unshare on ve0 to fail. v2: - same applies when net namespace is created inside container itself: don't zap it until the net we're cleaning is the owner Signed-off-by: Cyrill Gorcunov CC: Andrew Vagin --- net/core/net_namespace.c | 12 ++-- 1 file chan

Re: [Devel] [PATCH rh7] net: Don't nillify ve::ve_netns of ve0 on net exit, v2

2015-05-13 Thread Cyrill Gorcunov
On Wed, May 13, 2015 at 07:59:45PM +0300, Cyrill Gorcunov wrote: > When net-exit routine executes we zap ve::ve_netns member > but we should not nillify ve0::init_net, it's permanent one. > > https://jira.sw.ru/browse/PSBM-33480 > > p.s.: When net unsharing happens on ve0

Re: [Devel] [PATCH rh7] net: Don't nillify ve::ve_netns of ve0 on net exit, v2

2015-05-13 Thread Cyrill Gorcunov
On Wed, May 13, 2015 at 08:01:05PM +0300, Cyrill Gorcunov wrote: > On Wed, May 13, 2015 at 07:59:45PM +0300, Cyrill Gorcunov wrote: > > When net-exit routine executes we zap ve::ve_netns member > > but we should not nillify ve0::init_net, it's permanent one. > > > >

[Devel] [rfc rh7 1/2] cgroup: Allow mounting existing cgroups inside container

2015-05-14 Thread Cyrill Gorcunov
container. Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- kernel/cgroup.c | 24 +--- 1 file changed, 13 insertions(+), 11 deletions(-) Index: linux-pcs7.git/kerne

[Devel] [rfc rh7 2/2] cgroup: Temporary allow writting cgroups files inside container

2015-05-14 Thread Cyrill Gorcunov
that it's CRIU who is writing the values (or maybe play with current::nsproxy::fowner_ve). Anyway, here is a WARN_ON which will nag us to fix the problem. Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- kernel/cgroup.

[Devel] [rfc rh7 0/2] Tune cgroups code to do checkpoint/restore cycles

2015-05-14 Thread Cyrill Gorcunov
Hi! I've had to relax current kernel's restrictions regarding cgroups code to be able to run checkpoint/restore cycle (note at moment when second checkpoint/restore executed over previously restored container the restore procedure stucks for some reason, investigating...) Still I would love to ini

Re: [Devel] [rfc rh7 0/2] Tune cgroups code to do checkpoint/restore cycles

2015-05-14 Thread Cyrill Gorcunov
On Thu, May 14, 2015 at 01:54:08PM +0300, Vladimir Davydov wrote: > Hi, > > On Thu, May 14, 2015 at 01:28:55PM +0300, Cyrill Gorcunov wrote: > > - criu moves restored process tree into appropriate cgroups > >(ie @tasks) so that we need to be able to write entries.

Re: [Devel] [PATCH rh7] net: Don't nillify ve::ve_netns of ve0 on net exit, v2

2015-05-14 Thread Cyrill Gorcunov
On Wed, May 13, 2015 at 09:08:32PM +0300, Cyrill Gorcunov wrote: > > Finally tested. Konstantin, I've been talking to Andrey and it looks like the patch may be simplified. Once get it tested write the result. Don't apply it yet please. _

[Devel] [PATCH rh7] net: Set null only for nets ve is a keeper of

2015-05-14 Thread Cyrill Gorcunov
is created inside container itself: don't zap it until the net we're cleaning is the owner v3: - make it closer to pcs6 code Signed-off-by: Cyrill Gorcunov CC: Andrew Vagin --- net/core/net_namespace.c |6 -- 1 file changed, 4 insertions(+), 2 deletions(-) Index: lin

[Devel] [RFC rh7] ve: cgroups -- Allow to attach non-self into ve cgroups

2015-05-14 Thread Cyrill Gorcunov
moves criu service pid instead (so that the service will start restore procedure). Which leads to situation where ve_can_attach fails with -EINVAL. Reported-by: Nikita Spiridonov Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin

Re: [Devel] [PATCH rh7] ve: Implement cgroup interface to configure ve's os_release

2015-05-15 Thread Cyrill Gorcunov
tring > (see man echo for details). > > Extra symbol will be cut in ve_os_release_write(). > > https://jira.sw.ru/browse/PSBM-32273 > > Signed-off-by: Kirill Tkhai Reviewed-by: Cyrill Gorcunov

Re: [Devel] [RFC rh7] ve: cgroups -- Allow to attach non-self into ve cgroups

2015-05-18 Thread Cyrill Gorcunov
On Mon, May 18, 2015 at 11:21:40AM +0300, Konstantin Khorenko wrote: > On 05/14/2015 07:52 PM, Cyrill Gorcunov wrote: > > In vzctl/libvzctl bundle we restore container like > > > > - create ve/$ctid cgroup > > - move self into this cgroup > > - run criu from in

[Devel] [PATCH rh7] ve: device cgroup -- Implement devcgroup_seq_show_ve

2015-05-18 Thread Cyrill Gorcunov
In PCS7 cgroups are configured from user space, so there is no longer connection from ve to device cgroup via css as it was in PCS6. Instead we should open device cgroup explicitly. https://jira.sw.ru/browse/PSBM-33555 Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko

[Devel] [PATCH rh7] ve: cgroups -- Allow to attach non-self into ve cgroups, v2

2015-05-18 Thread Cyrill Gorcunov
ether the task we're attaching should be singlethreaded task, either all threads should be moved at once (which as far as I understand is prepared by a caller code). From: Cyrill Gorcunov Subject: ve: cgroups -- Allow to attach non-self into ve cgroups In vzctl/libvzctl bundle we restore container

[Devel] [PATCH rh7] net-namespace: Don't forget to put_ve on error path

2015-05-18 Thread Cyrill Gorcunov
t_undo; | ... | return error; | put_user_ns(user_ns); | net_drop_ns(net); | net_free(ns); |kfree(net->gen); |kmem_cache_free(net_cachep, net); So lets call for put_ve to balance. Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Andrey Vagin ---

Re: [Devel] [PATCH rh7] ve: cgroups -- Allow to attach non-self into ve cgroups, v2

2015-05-18 Thread Cyrill Gorcunov
On Mon, May 18, 2015 at 07:34:45PM +0300, Vladimir Davydov wrote: > > > > /* > > +* We either moving the whole group of threads, > > +* either a single thread process. > > +*/ > > + if (cgroup_taskset_size(tset) == 1) { > > != ? > > > + task = cgroup_taskset_first(ts

Re: [Devel] [PATCH rh7] ve: device cgroup -- Implement devcgroup_seq_show_ve

2015-05-18 Thread Cyrill Gorcunov
On Mon, May 18, 2015 at 07:33:41PM +0300, Vladimir Davydov wrote: > On Mon, May 18, 2015 at 01:22:22PM +0300, Cyrill Gorcunov wrote: > > --- linux-pcs7.git.orig/security/device_cgroup.c > > +++ linux-pcs7.git/security/device_cgroup.c > > @@ -1091,10 +1091,16 @@ int devcgrou

Re: [Devel] [PATCH rh7] ve: device cgroup -- Implement devcgroup_seq_show_ve

2015-05-18 Thread Cyrill Gorcunov
On Mon, May 18, 2015 at 07:43:40PM +0300, Cyrill Gorcunov wrote: > > > > For uuid-named cgroups ve->veid != cgroup name. You should use ve->name > > instead. Please fix. > > Oh, i forgot about this new approach with uuid containers. Sure will do, > thank you!

[Devel] [PATCH rh7] ve: cgroups -- Allow to attach non-self into ve cgroups, v3

2015-05-18 Thread Cyrill Gorcunov
be OR here. Thank you! From: Cyrill Gorcunov Subject: ve: cgroups -- Allow to attach non-self into ve cgroups In vzctl/libvzctl bundle we restore container like - create ve/$ctid cgroup - move self into this cgroup - run criu from inside So that kernel code passes ve_can_attach test. In t

[Devel] [PATCH rh7] cgroup: ve -- Align ve_cftypes assignments

2015-05-20 Thread Cyrill Gorcunov
For readability sake. We've other aligned already. Signed-off-by: Cyrill Gorcunov CC: Konstantin Khorenko --- kernel/ve/ve.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) Index: linux-pcs7.git/kernel/ve

[Devel] [RFC rh7] net: venet -- Cleanup ip address on ve exit

2015-05-20 Thread Cyrill Gorcunov
evices and adding some additional ioctl makes code only harder to read I propose to use VE exit hook to cleanup ip address. With the patch applied I can checkpoint/restore container with venet configured. Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Eme

Re: [Devel] [RFC rh7] net: venet -- Cleanup ip address on ve exit

2015-05-22 Thread Cyrill Gorcunov
On Fri, May 22, 2015 at 06:38:06PM +0300, Andrey Vagin wrote: > On Wed, May 20, 2015 at 08:21:59PM +0300, Cyrill Gorcunov wrote: > > While been playing with c/r of a container with IP assigned I found that > > VE exit (ve_drop_context) is happening earlier than venet::exit > >

Re: [Devel] [RFC rh7] net: venet -- Cleanup ip address on ve exit

2015-05-23 Thread Cyrill Gorcunov
On Fri, May 22, 2015 at 06:44:18PM +0300, Cyrill Gorcunov wrote: > > > > Is it possible to unload the venet module? Is it ok with this patch? > > If venet module start using IP then no, until IP is release module will > keep a reference via get-module (ie until VE get stoppe

Re: [Devel] [PATCH rh7 1/2] net: Add rules for new {ip, ip6, x}table modules

2015-05-26 Thread Cyrill Gorcunov
On Tue, May 26, 2015 at 02:09:14PM +0300, Kirill Tkhai wrote: > Here are the modules, which need extended permissions > (see module_payload_allowed() for details). > > https://jira.sw.ru/browse/PSBM-33631 > > Signed-off-by: Kirill Tkhai Reviewed-b

Re: [Devel] [PATCH rh7 2/2] net: Add rules for autoloading nf_tables

2015-05-26 Thread Cyrill Gorcunov
On Tue, May 26, 2015 at 02:09:25PM +0300, Kirill Tkhai wrote: > nf_tables is a new netfilter table. Add autoload permissions > like we have for {ip,ip6,x}tables. > > https://jira.sw.ru/browse/PSBM-33631 > > Signed-off-by: Kirill Tkhai Reviewed-b

[Devel] [patch rh7 0/2] Disable mount cgroups from inside of VE and mangle cgroup root paths

2015-05-26 Thread Cyrill Gorcunov
Please take a look, thanks.

[Devel] [patch rh7 2/2] cgroup: Mangle cgroups root from inside of VE view

2015-05-26 Thread Cyrill Gorcunov
://jira.sw.ru/browse/PSBM-33757 Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- kernel/cgroup.c | 29 + 1 file changed, 29 insertions(+) Index: linux

[Devel] [patch rh7 1/2] cgroup: mount -- Disable mounting from inside of VE context

2015-05-26 Thread Cyrill Gorcunov
we don't need to mount it from inside of VE anymore and can simply disable. Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- kernel/cgroup.c | 18 +- 1 file changed, 5 insertions(+), 13 deletions(-)

Re: [Devel] [PATCH rh7 1/2] memcg: account dcache size

2015-05-27 Thread Cyrill Gorcunov
m > memcg whenever necessary. > > Signed-off-by: Vladimir Davydov Reviewed-by: Cyrill Gorcunov

Re: [Devel] [PATCH rh7 2/2] memcg: sync UB_DCACHESIZE

2015-05-27 Thread Cyrill Gorcunov
; > Signed-off-by: Vladimir Davydov Reviewed-by: Cyrill Gorcunov

[Devel] [PATCH rh7] cgroup: ve -- Guard @features and @iptables with test if VE is inactive

2015-05-28 Thread Cyrill Gorcunov
't really apply to the running instance. Thus when user space tools modify these members make sure the container is offline. Reported-by: Kirill Tkhai Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov CC: Andrey Vagin --- kernel/ve/v

Re: [Devel] [patch rh7 1/2] cgroup: mount -- Disable mounting from inside of VE context

2015-06-02 Thread Cyrill Gorcunov
On Fri, May 29, 2015 at 11:09:41AM +0300, Vladimir Davydov wrote: > On Tue, May 26, 2015 at 06:00:51PM +0300, Cyrill Gorcunov wrote: > > Even mounting knowing cgroups (ie ones which already known to VE and > > been mounted by vzctl or any other tool for container sake) is not >

Re: [Devel] [patch rh7 2/2] cgroup: Mangle cgroups root from inside of VE view

2015-06-02 Thread Cyrill Gorcunov
On Fri, May 29, 2015 at 11:18:52AM +0300, Vladimir Davydov wrote: > Hi Cyrill, > > On Tue, May 26, 2015 at 06:00:52PM +0300, Cyrill Gorcunov wrote: > > We're bindmounting cgroups for container so if say a container > > is having CTID=200 then @cgroups and @mountinfo ou

Re: [Devel] [patch rh7 2/2] cgroup: Mangle cgroups root from inside of VE view

2015-06-02 Thread Cyrill Gorcunov
On Fri, May 29, 2015 at 11:37:35AM +0300, Vladimir Davydov wrote: > > > > No it can and it does run inside container (I notice some problems > > though, regardless of how we represent cgroup paths inside container). > > The main reason is to make /proc/pid/cgroup output to match what is > > contai

Re: [Devel] [PATCH rh7] ve: remove fairsched node only in the legacy mode

2015-06-02 Thread Cyrill Gorcunov
741823 err=-2 > CT: 956ebfc3-3ca9-44e0-9739-ab8abbe50edc: stopped > > We should only do that for containers created via the legacy API (vzctl > ioctl), because for UUID-named containers this is a duty of vzctl. > > https://jira.sw.ru/browse/PSBM-33833 > > Signed-off-by: Vladim

[Devel] [PATCH rh7] headers: Support GCC 5

2015-06-02 Thread Cyrill Gorcunov
Without it impossible to build kernel with new compiler. It's a cumulative patch from mainline commits bebf56a1b176c2e1c9efe44e7e6915532cc682cf 5631b8fba640a4ab2f8a954f63a603fa34eda96b 71458cfc782eafe4b27656e078d379a34e472adf Signed-off-by: Cyrill Gorcunov CC: Vladimir Davydo

[Devel] [RFC] Separate uevents delivery

2015-06-02 Thread Cyrill Gorcunov
Guys, could you please take a look once time permits, does the patch look sane? The idea behind is to deliver uevents per VE, not per all net namespaces (moreover we allow nested net namespaces). It looks like I'm missing something here, would the construction below fit the requirement? (with the p

Re: [Devel] [RFC] Separate uevents delivery

2015-06-03 Thread Cyrill Gorcunov
On Tue, Jun 02, 2015 at 08:49:30PM +0300, Cyrill Gorcunov wrote: > Guys, could you please take a look once time permits, > does the patch look sane? The idea behind is to deliver drop it.

[Devel] [PATCH rh7] ve/kobj: Send events per VE instead of all net-namespaces broadcasting

2015-06-03 Thread Cyrill Gorcunov
but per-VE. For this sake add @_uevent_sock_list list into VE instance and gather uevents sockets there. n.b.: In pcs6 we already have virtualized uevents so no problem there. Signed-off-by: Cyrill Gorcunov CC: Andrey Vagin CC: Vladimir Davydov CC: Konstantin Khorenko CC: Pavel Emelyanov --

Re: [Devel] [PATCH rh7] ve/kobj: Send events per VE instead of all net-namespaces broadcasting

2015-06-03 Thread Cyrill Gorcunov
On Wed, Jun 03, 2015 at 05:34:51PM +0300, Andrew Vagin wrote: > > +#ifndef CONFIG_VE > > static LIST_HEAD(uevent_sock_list); > elif > #define uevent_sock_list (get_exec_env()->_uevent_sock_list) > > and remove the next ifdef..endif in this file > > What do you think about this way? I did this w
