[cap-talk] Domain change (IPC?) overhead
Raoul Duke
raould at gmail.com
Tue Mar 25 15:28:26 EDT 2008
P.S.: OpenVZ isn't just accounting, it is also enforcing limits. But
they are per virtual machine I think more than per user.
On Tue, Mar 25, 2008 at 12:27 PM, Raoul Duke <raould at gmail.com> wrote:
> > Most current desktop and server OS's effectively don't address those
> > issues, either. If one process decides to go hog wild and monopolize
> > all shared resources (e.g., all CPU), my OS will basically let it do so.
> > They don't even take care of accounting.
> >
> > One possible interpretation of this state of affairs: people don't
> > consider storage isolation, accounting, and scheduling to be a
> > particularly important or critical security mechanism.
> >
> > The above is deliberately intended as a "devil's advocate" view to try
> > to expand my understanding. What do you think?
>
> Seems like virtualization is making people think about it more now.
> IIRC the OpenVZ project uses a bunch of accounting code that
> originally had been simply for regular Linux, but nobody seemed to
> want to use the features. So the ideas and even code have been around
> for a while, it was just waiting for regular folks to wake up and care
> about using them. I think maybe the folks who originally implemented
> those features are the ones who went on to do OpenVZ?
>
> I assume there are more serious OSs that support all that kind of
> stuff from ages ago. OpenVMS has accounting, presumably it has ways to
> enforce limits as well?
>
> sincerely.
>
More information about the cap-talk
mailing list