An In-Depth Analysis of the Linux Kernel Technology Behind Docker. Sun Jianbo, Zhejiang University SEL/VLIS Lab
2 Agenda. Namespace: ipc, uts, pid, network, mount, user. Cgroup: what are cgroups?, usage, concepts, implementation.
3 What is Namespace? Lightweight process virtualization. Isolation: enable a process (or several processes) to have different views of the system than other processes. [Diagram: two sets of resources, each listing hostname, IPC, network stack, filesystem, PIDs (PID1, PID2, ...) and uid, gid, capabilities]
4 namespaces. There are currently 6 namespaces: uts (hostname); ipc (System V IPC); net (network stack); mnt (mount points, filesystems); pid (processes); user (UIDs).
5 /proc/[pid]/ns: use mount to keep a namespace alive.
6 APIs. Three system calls are used: clone(), unshare(), setns().
7 clone(): creates a new process and a new namespace. [Diagram: a process in a namespace calls clone(); result is a new process in a new namespace]
8 unshare(): creates a new namespace and attaches the current process to it. [Diagram: a process in a namespace calls unshare(); the same process is then in a new namespace]
9 setns(): joining an existing namespace. [Diagram: a process in namespace A calls setns() and is then a process in namespace B]
10 UTS namespace
[Diagram: struct task_struct (*nsproxy) -> struct nsproxy (*uts_ns, *mnt_ns, *net_ns, *pid_ns, *ipc_ns) -> struct uts_namespace (nodename, sysname, release, version, machine)]

    static inline struct new_utsname *utsname(void)
    {
        /* the name is read from the calling task's own UTS namespace */
        return &current->nsproxy->uts_ns->name;
    }

    SYSCALL_DEFINE2(gethostname, char __user *, name, int, len)
    {
        struct new_utsname *u;
        ...
        u = utsname();
        if (copy_to_user(name, u->nodename, i))
            errno = -EFAULT;
        ...
    }
11 IPC namespace: the principle is the same, with more code.
12 Network namespace: logically another copy of the network stack; use pipe to create veth pair to communicate. [Diagram: containers in namespace A and namespace B each have an eth0, attached through veth devices to the host bridge docker0, which leads to the physical network device]
13 Mount namespace: first namespace in history. Default is to create a new copy instead of pointing to the root namespace. [Diagram: a mount namespace with /bin, /lib, /proc, /root; a child namespace and another namespace sharing /bin, /lib, /proc; propagation labels: master, slave, share, private, unbindable]
14 PID namespace: the same PID can exist in different namespaces; can be nested up to 32 levels; PID 1 = init process (child reaping, ignores SIGKILL).
15 User namespace: will be supported by Docker in future. [Diagram labels: normal user; user namespace (privileged user); Docker in Yarn; pid, mount, network, uts, ipc]
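The /proc/[pid]/ns, unshare() and UTS namespace slides above can be tied together in one program. This is an added example, not code from the presentation: a child calls unshare() to enter a new UTS namespace, confirms through /proc/self/ns/uts that the namespace identifier changed, and renames the host without affecting the parent. It assumes the kernel permits unprivileged user namespaces (CLONE_NEWUSER is combined with CLONE_NEWUTS so that no root is needed); the function names and the hostname "sandbox" are made up for the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* unshare() and CLONE_* from <sched.h> */
#endif
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks in case feature macros were fixed by an earlier include. */
#ifndef CLONE_NEWUTS
#define CLONE_NEWUTS  0x04000000
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
int unshare(int flags);

/* Parse a /proc/[pid]/ns link target such as "uts:[4026531838]".
 * Returns 0 and fills type/inum, or -1 on malformed input. */
int parse_ns_link(const char *target, char *type, size_t type_len,
                  unsigned long *inum)
{
    const char *colon = strchr(target, ':');
    size_t n = colon ? (size_t)(colon - target) : 0;
    char *end;

    if (n == 0 || n >= type_len || colon[1] != '[')
        return -1;
    errno = 0;
    *inum = strtoul(colon + 2, &end, 10);
    if (errno || end == colon + 2 || strcmp(end, "]") != 0)
        return -1;
    memcpy(type, target, n);
    type[n] = '\0';
    return 0;
}

/* Namespace identifier of the calling process for one namespace type. */
int self_ns_id(const char *ns, unsigned long *inum)
{
    char path[64], target[64], type[16];
    ssize_t len;

    snprintf(path, sizeof(path), "/proc/self/ns/%s", ns);
    len = readlink(path, target, sizeof(target) - 1);
    if (len < 0)
        return -1;
    target[len] = '\0';
    return parse_ns_link(target, type, sizeof(type), inum);
}

/* Fork a child that unshare()s into new user+UTS namespaces and renames the
 * host there. Returns 1 if the change stayed inside the child's namespace,
 * 0 if the kernel refused unshare(), -1 on any other failure. */
int demo_unshare_uts(void)
{
    char before[256] = "", after[256] = "", name[256] = "";
    unsigned long old_id, new_id;
    int status;
    pid_t pid;

    gethostname(before, sizeof(before) - 1);
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (self_ns_id("uts", &old_id) < 0)
            _exit(3);
        if (unshare(CLONE_NEWUSER | CLONE_NEWUTS) < 0)
            _exit(2);            /* e.g. user namespaces disabled */
        if (self_ns_id("uts", &new_id) < 0 || new_id == old_id)
            _exit(3);            /* /proc must show a different namespace */
        if (sethostname("sandbox", 7) < 0 ||
            gethostname(name, sizeof(name) - 1) < 0 ||
            strcmp(name, "sandbox") != 0)
            _exit(3);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 2)
        return 0;
    gethostname(after, sizeof(after) - 1);   /* parent's view after the child ran */
    if (WEXITSTATUS(status) != 0 || strcmp(before, after) != 0)
        return -1;
    return 1;
}

int main(void)
{
    int r = demo_unshare_uts();

    puts(r == 1 ? "hostname changed only inside the child's UTS namespace" :
         r == 0 ? "unshare() not permitted on this system" : "failure");
    return r < 0;
}
```

Two processes share a namespace exactly when their /proc/[pid]/ns links carry the same identifier, which makes the same parser usable for auditing which host namespaces a container process still shares.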
16 What are cgroups? Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.
17 Usage of cgroups. Resource limitation: groups can be set to not exceed a configured limit. Prioritization: some groups may get a larger share of CPU utilization or disk I/O throughput. Accounting: measures how much resources certain systems use. Control: freezing the groups of processes, their checkpointing and restarting.
18 Concepts. cgroup: a group of tasks with shared characteristics. subsystem: a module that applies parameters to cgroups to control them in particular ways, typically for resource management. hierarchy: a set of cgroups organized in a hierarchical tree, plus one or more subsystems associated with that tree. VFS -> API.
19 Cgroups Example: two hierarchies
    /cgroup
    /cgroup/memlimits (memory subsystem mount point & hierarchy)
    /cgroup/cpulimits (cpuset subsystem mount point & hierarchy)
    /cgroup/memlimits/student: memory.limit=1g, tasks=1,2,3,4,5
    /cgroup/memlimits/teacher: memory.limit=2g, tasks=6,7,8
    /cgroup/cpulimits/student: cpuset.cpus=0-1, tasks=1,2,3,4,5
    /cgroup/cpulimits/teacher: cpuset.cpus=0-3, tasks=6,7,8
20 Parameters Examples
    cpuset subsystem: cpuset.cpus defines the set of CPUs that the tasks in the cgroup are allowed to execute on
        echo 0-2 > /cgroup/cpuset/lab2/cpuset.cpus
    memory subsystem: memory.limit_in_bytes sets the maximum amount of user memory
        echo 1G > /cgroup/memory/lab1/memory.limit_in_bytes
21 Relationships Between Subsystems, Hierarchies, Control Groups and Tasks Rule 1
22 Relationships Between Subsystems, Hierarchies, Control Groups and Tasks Rule 2
23 Relationships Between Subsystems, Hierarchies, Control Groups and Tasks Rule 3
24 Relationships Between Subsystems, Hierarchies, Control Groups and Tasks Rule 4
25 Current subsystems used by Docker
    cpuset: controls access to individual CPUs and memory nodes by a cgroup
    cpu: schedules CPU access to cgroups
    cpuacct: reports CPU resource usage by a cgroup
    memory: controls access to memory resources and reports memory resource usage by a cgroup
    devices: controls access to devices by a cgroup; e.g., gpus
    freezer: suspends and resumes tasks in a cgroup
    blkio: tracks I/O ownership, allowing control of access to block I/O resources
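The hierarchy, subsystem and cgroup concepts above are visible per task in /proc/[pid]/cgroup, one line per hierarchy in the form hierarchy-ID:subsystem-list:cgroup-path. The following is an added example, not code from the presentation: it parses that text and reports whether a task sits in a child cgroup or was left in a hierarchy's root cgroup. The sample text is constructed from the student/teacher layout of slide 19 plus an assumed co-mounted cpu,cpuacct hierarchy, and all function names are the example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One line of /proc/[pid]/cgroup: "hierarchy-ID:subsystem-list:cgroup-path". */
struct cg_entry {
    int  hierarchy_id;
    char subsystems[64];  /* comma-separated; empty on a cgroup v2 line */
    char path[128];       /* relative to the hierarchy's mount point */
};

/* Constructed sample: task 1 of the student/teacher layout, plus a
 * co-mounted cpu,cpuacct hierarchy in which the task sits at the root. */
static const char SAMPLE_PROC_CGROUP[] =
    "3:cpuset:/student\n"
    "2:memory:/student\n"
    "1:cpu,cpuacct:/\n";

/* Parse one line (no trailing newline). Returns 0, or -1 if malformed. */
int parse_cgroup_line(const char *line, struct cg_entry *e)
{
    const char *c1 = strchr(line, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    size_t sub_len, path_len;
    char *end;

    if (!c2 || c2[1] != '/')
        return -1;
    e->hierarchy_id = (int)strtol(line, &end, 10);
    sub_len = (size_t)(c2 - c1 - 1);
    path_len = strlen(c2 + 1);
    if (end == line || end != c1 ||
        sub_len >= sizeof(e->subsystems) || path_len >= sizeof(e->path))
        return -1;
    memcpy(e->subsystems, c1 + 1, sub_len);
    e->subsystems[sub_len] = '\0';
    memcpy(e->path, c2 + 1, path_len + 1);
    return 0;
}

/* Exact-token match, so that "cpu" does not match "cpuset" or "cpuacct". */
static int list_has(const char *list, const char *name)
{
    size_t n = strlen(name);

    while (*list) {
        size_t tok = strcspn(list, ",");

        if (tok == n && memcmp(list, name, n) == 0)
            return 1;
        list += tok + (list[tok] == ',');
    }
    return 0;
}

/* Find the task's cgroup for one subsystem in /proc/[pid]/cgroup text.
 * Returns 0 and copies the path to out, or -1 if no hierarchy has it. */
int cgroup_path_for(const char *text, const char *subsys,
                    char *out, size_t out_len)
{
    while (*text) {
        size_t len = strcspn(text, "\n");
        char line[256];
        struct cg_entry e;

        if (len < sizeof(line)) {
            memcpy(line, text, len);
            line[len] = '\0';
            if (parse_cgroup_line(line, &e) == 0 &&
                list_has(e.subsystems, subsys) && strlen(e.path) < out_len) {
                strcpy(out, e.path);
                return 0;
            }
        }
        text += len + (text[len] == '\n');
    }
    return -1;
}

/* 1: task is in a child cgroup; 0: task is in the hierarchy's root cgroup,
 * so no child group's limit applies; -1: subsystem not found. */
int is_confined(const char *text, const char *subsys)
{
    char path[128];

    if (cgroup_path_for(text, subsys, path, sizeof(path)) < 0)
        return -1;
    return strcmp(path, "/") != 0;
}

int main(void)
{
    const char *subs[] = { "memory", "cpuset", "cpu", "blkio" };
    size_t i;

    for (i = 0; i < sizeof(subs) / sizeof(subs[0]); i++)
        printf("%-7s confined=%d\n", subs[i],
               is_confined(SAMPLE_PROC_CGROUP, subs[i]));
    return 0;
}
```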
26 cgroups hooks [Diagram: kernel data structures linking task_struct (css_set *cgroups, cg_list), css_set (hlist, tasks, cg_links, cgroup_subsys_state *subsys[]; hashed via css_set_hash() into css_set_table), cg_cgroup_link (cgrp_link_list, cg_link_list, cgroup *cgrp, css_set *cg), cgroup (sibling, css_sets, cgroupfs_root *root, cgroup_subsys_state *subsys[]), cgroup_subsys_state (cgroup *cgroup), cgroup_subsys (callbacks create, destroy, attach, fork, exit; subsys_id; cgroupfs_root *root; sibling) and cgroupfs_root (hierarchy_id, root_list, subsys_list); example subsystems: cpuset, freezer, blkio_cgroup]
27 References Red_Hat_Enterprise_Linux/6/html/ Resource_Management_Guide/
28 Thanks!