Serge E. Hallyn wrote:
Quoting Oren Laadan (orenl@cs.columbia.edu):
Serge E. Hallyn wrote:
Quoting Oren Laadan (orenl@cs.columbia.edu):
Serge E. Hallyn wrote:
A topic on ksummit agenda is 'containers end-game and how do we get there'.
So for starters, looking just at application (and system) containers, what do the libvirt and liblxc projects want to see in kernel support that is currently missing? Are there specific things that should be done soon to make containers more useful and usable?
More generally, the topic raises the question... what 'end-games' are there? A few I can think of off-hand include:
1. resource control 2. lightweight virtual servers 3. (or 2.5) unprivileged containers/jail-on-steroids (lightweight virtual servers in which you might, just maybe, almost, be able to give away a root account, at least as much as you could do so with a kvm/qemu/xen partition) 4. checkpoint, restart, and migration
For each end-game, what kernel pieces do we think are missing? For instance, people seem agreed that resource control needs io control :) Containers imo need a user namespace. I think there are quite a few network namespace exploiters who require sysfs directory tagging (or some equivalent) to allow us to migrate physical devices into network namespaces. And checkpoint/restart needs... checkpoint/restart. Heh ... it does need ... checkpoint/restart; and a few issues which we should think about sometime -- Yup, these are all things we need to discuss. For some of them we might just need to flail about and code a few approaches until we figure out an answer, but then I think that everyone has thought about a few of these in some detail, so there probably is much we could gain from talking.
... Does this mean we should try to have a mini-summit in the next 6 months or so? I'd recommend having one right before kernel summit so we can get our act together, but getting everyone to tokyo to chat seems uneconomical :) It'd be good to chat about at least the first two items before the summit, though.
How about linux plumbers ?
Well it seems like an appropriate place for it. Alas there is almost no chance of my being there, but let's hear a roll call - how many people (interested in checkpoint/restart) will be or can be at plumber's?
I'm pretty sure Suka and Dave will be there.
Seems like I can make it. Oren.