LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: serge@hallyn.com
To: Nick Andrew <nick@nick-andrew.net>
Cc: Randy Dunlap <randy.dunlap@oracle.com>,
	Pavel Emelyanov <xemul@openvz.org>,
	trivial@kernel.org, linux-kernel@vger.kernel.org,
	Serge Hallyn <serue@us.ibm.com>
Subject: Re: [PATCH 2.6.25-rc2 3/9] config: Improve init/Kconfig help descriptions - namespaces
Date: Wed, 20 Feb 2008 10:50:34 -0600	[thread overview]
Message-ID: <20080220165034.GA14550@vino.hallyn.com> (raw)
In-Reply-To: <20080220121915.GA2169@tull.net>

Quoting Nick Andrew (nick@nick-andrew.net):
> Rewrite the help descriptions for clarity, accuracy and consistency.
> 
> Kernel config options affected:
> 
>   - NAMESPACES
>   - UTS_NS
>   - IPC_NS
>   - USER_NS
>   - PID_NS
> 
> Signed-off-by: Nick Andrew <nick@nick-andrew.net>
> ---
> Here's try #2 at the 3rd patch in the series, for namespace
> descriptions. Patching against Linus' git tree now, and trying
> to comply with the standards for submitting patches. Each of
> the UTS/IPC/USER/PID descriptions is subtly different, but I
> hope they all are clear and accurate.
> 
> 
> --- a/init/Kconfig	2008-02-20 09:34:48.000000000 +1100
> +++ b/init/Kconfig	2008-02-20 22:55:41.000000000 +1100
> @@ -414,31 +414,71 @@
>  	bool "Namespaces support" if EMBEDDED
>  	default !EMBEDDED
>  	help
> -	  Provides the way to make tasks work with different objects using
> -	  the same id. For example same IPC id may refer to different objects
> -	  or same user id or pid may refer to different tasks when used in
> -	  different namespaces.
> +	  Select various namespace options.
> +
> +	  Namespaces allow different kernel objects (such as processes
> +	  or sockets) to have the same ID in different namespaces.
> +	  Identifiers like process IDs, which historically were globally
> +	  unique, will now be unique only within each PID namespace.
> +	  Each task can refer only to PIDs within the same namespace
> +	  as the task itself.
> +
> +	  Namespaces are used by container systems (i.e. vservers)
> +	  to provide isolation between the containers.
> +
> +	  This option does not affect any kernel code directly; it merely
> +	  allows you to select namespace options below.
> +
> +	  Answer Y if you will be using a container system, and you
> +	  will probably want to enable all the namespace options
> +	  below.
>  
>  config UTS_NS
>  	bool "UTS namespace"
>  	depends on NAMESPACES
>  	help
> -	  In this namespace tasks see different info provided with the
> -	  uname() system call
> +	  Enable support for multiple UTS system attributes.
> +
> +	  Each UTS namespace provides an individual view of the
> +	  information returned by the uname() system call including
> +	  hostname, kernel version and domain name.
> +
> +	  This is used by container systems (i.e. vservers) so that
> +	  each container has its own hostname and other attributes.
> +	  Tasks in the container are placed in the UTS namespace
> +	  corresponding to the container.
> +
> +	  Answer Y if you will be using a container system.
>  
>  config IPC_NS
>  	bool "IPC namespace"
>  	depends on NAMESPACES && SYSVIPC
>  	help
> -	  In this namespace tasks work with IPC ids which correspond to
> -	  different IPC objects in different namespaces
> +	  Enable support for namespace-specific IPC IDs.
> +
> +	  IPC IDs will be unique only within each IPC namespace.
> +
> +	  This is used by container systems (i.e. vservers).
> +	  Tasks in the container are placed in the IPC namespace
> +	  corresponding to the container.
> +
> +	  Answer Y if you will be using a container system.
>  
>  config USER_NS
>  	bool "User namespace (EXPERIMENTAL)"
>  	depends on NAMESPACES && EXPERIMENTAL
>  	help
> -	  This allows containers, i.e. vservers, to use user namespaces
> -	  to provide different user info for different servers.
> +	  Enable experimental support for user namespaces.
> +
> +	  This is a function used by container-based virtualisation systems
> +	  (e.g. vservers). User namespaces are intended to ensure that
> +	  processes with the same uid which are in different containers are
> +	  isolated from each other.
> +
> +	  Currently user namespaces provide separate accounting, while
> +	  isolation must be provided using SELinux or a custom security
> +	  module.
> +
>  	  If unsure, say N.
>  
>  config PID_NS
> @@ -446,12 +486,20 @@
>  	default n
>  	depends on NAMESPACES && EXPERIMENTAL
>  	help
> -	  Suport process id namespaces.  This allows having multiple
> -	  process with the same pid as long as they are in different
> -	  pid namespaces.  This is a building block of containers.
> +	  Enable experimental support for hierarchical process id namespaces.
>  
> -	  Unless you want to work with an experimental feature
> -	  say N here.
> +	  Process IDs will be unique only within each PID namespace.
> +	  This allows multiple processes to have the same PID
> +	  so long as they are in different PID namespaces. Furthermore,
> +	  each process will have a distinct PID in each namespace
> +	  the process is in.
> +
> +	  This is used by container systems (i.e. vservers).
> +	  Tasks in the container are placed in the PID namespace
> +	  corresponding to the container, and can only see or
> +	  affect processes in the same PID namespace.

Hi Nick,

thanks for all this work.

Perhaps it would be better to have a Documentation/Namespaces/PID file
describing these semantics, and have the description read something
briefer like

	  Pid namespaces provide filtered views of processes and their
	  process ids.  This features is used to implement containers.
	  Please see Documentation/Namespaces/PID for details.

But in any case with Pavel's comments this looks very good.

thanks,
-serge

> +
> +	  If unsure, say N.
>  
>  config BLK_DEV_INITRD
>  	bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

  parent reply	other threads:[~2008-02-20 16:53 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-19 14:06 Improve init/Kconfig help descriptions [PATCH 0/9] Nick Andrew
2008-02-19 14:09 ` Improve init/Kconfig help descriptions [PATCH 1/9] Nick Andrew
2008-02-19 14:11 ` Improve init/Kconfig help descriptions [PATCH 2/9] Nick Andrew
2008-02-19 14:33 ` Improve init/Kconfig help descriptions [PATCH 3/9] Nick Andrew
2008-02-19 14:42   ` Pavel Emelyanov
2008-02-19 15:10     ` Nick Andrew
2008-02-19 15:16       ` Pavel Emelyanov
2008-02-19 15:50         ` Serge E. Hallyn
2008-02-19 16:44         ` Randy Dunlap
2008-02-19 22:41           ` Nick Andrew
2008-02-20 12:19           ` [PATCH 2.6.25-rc2 3/9] config: Improve init/Kconfig help descriptions - namespaces Nick Andrew
2008-02-20 12:23             ` Pavel Emelyanov
2008-02-20 13:01               ` Nick Andrew
2008-02-20 13:07                 ` Pavel Emelyanov
2008-02-20 16:50             ` serge [this message]
2008-02-20 23:10               ` Nick Andrew
2008-02-19 14:38 ` Improve init/Kconfig help descriptions [PATCH 4/9] Nick Andrew
2008-02-20  3:42   ` Valdis.Kletnieks
2008-02-20 22:17     ` Nick Andrew
2008-02-19 14:53 ` Improve init/Kconfig help descriptions [PATCH 5/9] Nick Andrew
2008-02-19 20:17   ` Randy Dunlap
2008-02-19 15:12 ` Improve init/Kconfig help descriptions [PATCH 6/9] Nick Andrew
2008-02-19 15:39   ` Paul Jackson
2008-02-20 12:41     ` Nick Andrew
2008-02-20 16:43       ` Paul Jackson
2008-02-20  2:04   ` Paul Menage
2008-02-20  2:54     ` Nick Andrew
2008-02-20  3:12       ` Paul Menage
2008-02-20 16:55       ` serge
2008-02-20 21:31         ` Nick Andrew
2008-02-19 15:15 ` Improve init/Kconfig help descriptions [PATCH 7/9] Nick Andrew
2008-02-19 15:21 ` Improve init/Kconfig help descriptions [PATCH 8/9] Nick Andrew
2008-02-19 15:27 ` Improve init/Kconfig help descriptions [PATCH 9/9] Nick Andrew
2008-02-20 22:33 ` [PATCH 2.6.25-rc2 1/9] init: Improve init/Kconfig help descriptions part 1 Nick Andrew
     [not found] ` <200802220014.m1M0Dh5r022354@rgminet03.oracle.com>
2008-02-22  0:19   ` [PATCH 2.6.25-rc2 5/9] Kconfig: Improve init/Kconfig help descriptions - IKCONFIG etc Randy Dunlap
2008-02-22  0:48 ` [PATCH 2.6.25-rc2 1/9] Kconfig: Improve init/Kconfig help descriptions part 1 Nick Andrew
2008-02-22  0:49 ` [PATCH 2.6.25-rc2 2/9] Kconfig: Improve init/Kconfig help descriptions - TASKSTATS Nick Andrew
2008-02-22  0:51 ` [PATCH 2.6.25-rc2 3/9] Kconfig: Improve init/Kconfig help descriptions - NAMESPACES Nick Andrew
2008-02-27 23:00   ` Nick Andrew
2008-02-27 23:08     ` Serge E. Hallyn
2008-02-22  0:52 ` [PATCH 2.6.25-rc2 4/9] Kconfig: Improve init/Kconfig help descriptions - AUDIT Nick Andrew
2008-02-22  0:54 ` [PATCH 2.6.25-rc2 5/9] Kconfig: Improve init/Kconfig help descriptions - IKCONFIG etc Nick Andrew
2008-02-22  0:55 ` [PATCH 2.6.25-rc2 6/9] Kconfig: Improve init/Kconfig help descriptions - CGROUPS Nick Andrew
2008-02-22  0:56 ` [PATCH 2.6.25-rc2 7/9] Kconfig: Improve init/Kconfig help descriptions - EMBEDDED etc Nick Andrew
2008-02-22  0:58 ` [PATCH 2.6.25-rc2 8/9] Kconfig: Improve init/Kconfig help descriptions - SLAB Nick Andrew
2008-02-22  0:59 ` [PATCH 2.6.25-rc2 9/9] Kconfig: Improve init/Kconfig help descriptions - MODULES Nick Andrew
     [not found] ` <200802220010.m1M0Arr7024044@vzorg.swsoft.net>
2008-02-22  8:14   ` [PATCH 2.6.25-rc2 3/9] Kconfig: Improve init/Kconfig help descriptions - NAMESPACES Pavel Emelyanov
     [not found] ` <200802220010.m1M0Auqn024414@e5.ny.us.ibm.com>
2008-02-22 22:14   ` Serge E. Hallyn
2008-02-23  1:12     ` Nick Andrew
2008-02-23  3:45       ` Serge E. Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080220165034.GA14550@vino.hallyn.com \
    --to=serge@hallyn.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nick@nick-andrew.net \
    --cc=randy.dunlap@oracle.com \
    --cc=serue@us.ibm.com \
    --cc=trivial@kernel.org \
    --cc=xemul@openvz.org \
    --subject='Re: [PATCH 2.6.25-rc2 3/9] config: Improve init/Kconfig help descriptions - namespaces' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).