Bug 463534 - [LTC 6.0 FEAT] 200982:Provide Linux Containers functionality
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.0
Hardware: All All
Priority: high, Severity: high
Target Milestone: alpha
Target Release: 6.0
Assigned To: James Takahashi
QA Contact: Martin Jenner
Keywords: FutureFeature
Blocks: 356741 RHEL6Kernel2.6.27
Reported: 2008-09-23 16:31 EDT by IBM Bug Proxy
Modified: 2010-10-18 15:18 EDT
Doc Type: Enhancement
Last Closed: 2009-09-17 17:08:01 EDT
Description IBM Bug Proxy 2008-09-23 16:31:38 EDT
=Comment: #0=================================================
Emily J. Ratliff <emilyr@us.ibm.com> - 2008-09-16 17:55 EDT
1. Feature Overview:
Feature Id:	[200982]
a. Name of Feature:	Provide Linux Containers functionality
b. Feature Description
Provide Linux Containers functionality - Containers provide the ability for applications to be
isolated in virtual servers.

2. Feature Details:
Sponsor:	LTC
Architectures:
x86
x86_64
ppc64

Arch Specificity: Both
Affects Core Kernel: Yes
Delivery Mechanism: Direct from community
Category:	Kernel
Request Type:	Kernel - Enhancement from Upstream
d. Upstream Acceptance:	Accepted
Sponsor Priority	1
f. Severity: High
IBM Confidential:	no
Code Contribution:	IBM code
g. Component Version Target:	2.6.27

3. Business Case
Allow customers to better manage system load. User-friendly container management is addressed via
related System Management features.

4. Primary contact at Red Hat: 
John Jarvis
jjarvis@redhat.com

5. Primary contacts at Partner:
Project Management Contact:
Michael Hohnbaum, hbaum@us.ibm.com, 503-578-5486

Technical contact(s):

Serge Hallyn, sergeh@us.ibm.com

IBM Manager:
Pat Gaughen, gaughen@us.ibm.com
Comment 1 IBM Bug Proxy 2009-02-06 10:31:53 EST
Following are the kernel .configs needed for containers:

CONFIG_VETH=y
CONFIG_MACVLAN=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
CONFIG_CGROUP_DEVICE=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_NS=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_MEM_RES_CTLR=y
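
Added example, not part of the original comment or of any Red Hat or IBM tooling: a shell function that audits a kernel config file for the options listed in the comment above and reports each as built in, modular, disabled or absent. The function name and the config path in the usage comment are assumptions.

```shell
#!/bin/sh
# Option names (without the CONFIG_ prefix) taken from the list in comment 1.
CONTAINER_OPTS="VETH MACVLAN SECURITY_FILE_CAPABILITIES CGROUP_DEVICE UTS_NS
IPC_NS USER_NS PID_NS NET_NS DEVPTS_MULTIPLE_INSTANCES CGROUP_FREEZER
CGROUP_NS CGROUP_SCHED CGROUP_CPUACCT CGROUP_MEM_RES_CTLR"

# check_container_config FILE   (hypothetical helper name)
# Prints "<state> CONFIG_<name>" for every option, where state is:
#   builtin  - CONFIG_<name>=y, as the comment requests
#   module   - CONFIG_<name>=m
#   disabled - "# CONFIG_<name> is not set"
#   absent   - no line at all (the option may not exist in this kernel version)
# Returns 0 only when every option is =y, 1 if any is not, 2 if FILE is unreadable.
check_container_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for opt in $CONTAINER_OPTS; do
        # -x matches whole lines, -F treats the pattern as a fixed string.
        if grep -qxF "CONFIG_${opt}=y" "$cfg"; then
            state=builtin
        elif grep -qxF "CONFIG_${opt}=m" "$cfg"; then
            state=module; rc=1
        elif grep -qxF "# CONFIG_${opt} is not set" "$cfg"; then
            state=disabled; rc=1
        else
            state=absent; rc=1
        fi
        echo "$state CONFIG_${opt}"
    done
    return $rc
}

# Usage (assumes the distribution installs the config beside the kernel):
#   check_container_config "/boot/config-$(uname -r)"
```
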
Comment 2 IBM Bug Proxy 2009-03-02 17:30:53 EST
All features are upstream as of 2.6.29.

See previous comment for needed .config variables.
Comment 3 Jesse Larrew 2009-06-29 18:38:45 EDT
Assigning this to Peter Bogdanovic at IBM.
Comment 4 Peter Bogdanovic 2009-09-17 17:08:01 EDT
All features are upstream as of 2.6.29.

See comment #1 for needed .config variables.
Comment 5 IBM Bug Proxy 2010-05-04 15:40:59 EDT
------- Comment From sergeh@us.ibm.com 2010-05-04 15:30 EDT-------
The network namespaces do not appear to be working.  The following recipe succeeds on a mainline
kernel, but fails on 2.6.32-19.el6.ppc64

Open two terminals as root.

Terminal 1:
git clone git://git.sr71.net/~hallyn/cr_tests.git
cd cr_tests
git checkout ns_exec
make ns_exec
./ns_exec -cmnp /bin/bash # this starts a new shell
mount -t proc proc /proc

Terminal 2:
# the next two lines try to set 'pid' to the pid of the shell which is child of ns_exec
p2=`pidof -s ns_exec`
pid=`pstree $p2 -p | awk -F\( '{ print $3 }' | awk -F\) '{ print $1 }'`
ip link add type veth
ip link set veth1 netns $pid   # here you use the pid found above
ifconfig veth0 192.168.1.1 up
nc -l 192.168.1.1 9999

Terminal 1:
ifconfig veth1 192.168.1.2 up
route add -host 192.168.1.1 dev veth1
echo hi | nc 192.168.1.1 9999

Expected result:  'hi' shows up in Terminal 2.  This happens with mainstream kernel,
but not on 2.6.32-19.el6.ppc64
Comment 6 IBM Bug Proxy 2010-05-04 16:00:40 EDT
------- Comment From sergeh@us.ibm.com 2010-05-04 15:50 EDT-------
Sorry, Dan Smith points out I was defeated by the firewall.

All containers functionality appears to be present and functioning.