Bug 463534

Summary: [LTC 6.0 FEAT] 200982:Provide Linux Containers functionality
Product: Red Hat Enterprise Linux 6
Reporter: IBM Bug Proxy <bugproxy>
Component: kernel
Assignee: James Takahashi (IBM) <nobody+PNT0273897>
Status: CLOSED CURRENTRELEASE
QA Contact: Martin Jenner <mjenner>
Severity: high
Priority: high
Version: 6.0
CC: ejratl, jlarrew, pbog, peterm
Target Milestone: alpha
Keywords: FutureFeature
Target Release: 6.0
Hardware: All
OS: All
Doc Type: Enhancement
Last Closed: 2009-09-17 21:08:01 UTC
Bug Blocks: 356741, 465489

Description IBM Bug Proxy 2008-09-23 20:31:38 UTC
=Comment: #0=================================================
Emily J. Ratliff <emilyr.com> - 2008-09-16 17:55 EDT
1. Feature Overview:
Feature Id:	[200982]
a. Name of Feature:	Provide Linux Containers functionality
b. Feature Description
Provide Linux Containers functionality - Containers provide the ability for applications to be
isolated in virtual servers.

2. Feature Details:
Sponsor:	LTC
Architectures:
x86
x86_64
ppc64

Arch Specificity: Both
Affects Core Kernel: Yes
Delivery Mechanism: Direct from community
Category:	Kernel
Request Type:	Kernel - Enhancement from Upstream
d. Upstream Acceptance:	Accepted
Sponsor Priority	1
f. Severity: High
IBM Confidential:	no
Code Contribution:	IBM code
g. Component Version Target:	2.6.27

3. Business Case
Allow customers to better manage system load. User-friendly container management is addressed via
related System Management features.

4. Primary contact at Red Hat: 
John Jarvis
jjarvis

5. Primary contacts at Partner:
Project Management Contact:
Michael Hohnbaum, hbaum.com, 503-578-5486

Technical contact(s):

Serge Hallyn, sergeh.com

IBM Manager:
Pat Gaughen, gaughen.com

Comment 1 IBM Bug Proxy 2009-02-06 15:31:53 UTC
Following are the kernel .configs needed for containers:

CONFIG_VETH=y
CONFIG_MACVLAN=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
CONFIG_CGROUP_DEVICE=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_NS=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_MEM_RES_CTLR=y
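
A check of a kernel config file against the list in comment 1, as an added example that is not part of the original bug report. The function names, the separate reporting of `=m`, and the usual config location `/boot/config-$(uname -r)` are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare a kernel config file with the option list in comment 1.

# Option names copied from comment 1 of this bug.
REQUIRED_OPTS="CONFIG_VETH CONFIG_MACVLAN CONFIG_SECURITY_FILE_CAPABILITIES
CONFIG_CGROUP_DEVICE CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_USER_NS CONFIG_PID_NS
CONFIG_NET_NS CONFIG_DEVPTS_MULTIPLE_INSTANCES CONFIG_CGROUP_FREEZER
CONFIG_CGROUP_NS CONFIG_CGROUP_SCHED CONFIG_CGROUP_CPUACCT
CONFIG_CGROUP_MEM_RES_CTLR"

# Print "<option> <state>" for every listed option that is not "=y" in the
# config file $1 (state is "m" or "unset"). Returns 0 if all are =y, 1 if
# anything was printed, 2 if the file cannot be read.
missing_container_opts() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for opt in $REQUIRED_OPTS; do
        # Anchored on "NAME=" so a longer option name with the same prefix
        # is not mistaken for this one; "# NAME is not set" never matches.
        val=$(sed -n "s/^${opt}=//p" "$cfg" | tail -n 1)
        case $val in
            y) ;;
            m) echo "$opt m"; rc=1 ;;
            *) echo "$opt unset"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input (not from a real system): user namespaces
# disabled, veth built as a module, every other listed option built in.
sample_config() {
    for opt in $REQUIRED_OPTS; do
        case $opt in
            CONFIG_USER_NS) echo "# $opt is not set" ;;
            CONFIG_VETH)    echo "$opt=m" ;;
            *)              echo "$opt=y" ;;
        esac
    done
}

# Demo on the constructed sample; on a real host pass the kernel's config
# file instead, e.g. /boot/config-$(uname -r) (assumed location).
tmp=$(mktemp)
sample_config > "$tmp"
missing_container_opts "$tmp" || true
rm -f "$tmp"
```

The option names are taken verbatim from the list above, so the check applies to kernels of that era.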

Comment 2 IBM Bug Proxy 2009-03-02 22:30:53 UTC
All features are upstream as of 2.6.29.

See previous comment for needed .config variables.

Comment 3 Jesse Larrew 2009-06-29 22:38:45 UTC
Assigning this to Peter Bogdanovic at IBM.

Comment 4 Peter Bogdanovic 2009-09-17 21:08:01 UTC
All features are upstream as of 2.6.29.

See comment #1 for needed .config variables.

Comment 5 IBM Bug Proxy 2010-05-04 19:40:59 UTC
------- Comment From sergeh.com 2010-05-04 15:30 EDT-------
The network namespaces do not appear to be working.  The following recipe succeeds on a mainline
kernel, but fails on 2.6.32-19.el6.ppc64

Open two terminals as root.

Terminal 1:
git clone git://git.sr71.net/~hallyn/cr_tests.git
cd cr_tests
git checkout ns_exec
make ns_exec
./ns_exec -cmnp /bin/bash # this starts a new shell
mount -t proc proc /proc

Terminal 2:
# the next two lines try to set 'pid' to the pid of the shell which is child of ns_exec
p2=`pidof -s ns_exec`
pid=`pstree $p2 -p | awk -F\( '{ print $3 }' | awk -F\) '{ print $1 }'`
ip link add type veth
ip link set veth1 netns $pid   # here you use the pid found above
ifconfig veth0 192.168.1.1 up
nc -l 192.168.1.1 9999

Terminal 1:
ifconfig veth1 192.168.1.2 up
route add -host 192.168.1.1 dev veth1
echo hi | nc 192.168.1.1 9999

Expected result:  'hi' shows up in Terminal 2.  This happens with mainstream kernel,
but not on 2.6.32-19.el6.ppc64

Comment 6 IBM Bug Proxy 2010-05-04 20:00:40 UTC
------- Comment From sergeh.com 2010-05-04 15:50 EDT-------
Sorry, Dan Smith points out I was defeated by the firewall.

All containers functionality appears to be present and functioning.