Hi, Johannes, thanks for ideas sharing.
definitely so. while there are something «around» process - e.g. a way to execute process inside existing container, error handling/etc
In my view, a container maps in Genode to a subsystem (comprising a VFS server and other infrastructure). Hence, starting a process inside an existing container should be pretty straightforward.
…
I believe sharing code pages in Genode would be a matter of the parent component who sets up the children's address spaces. Currently, we use the sandbox library for this.
I assume that this sharing implemented on the edge between file system and page cache (at least this is true for Linux/unix and Windows)
in that case we need to have single VFS server with own cache/page mapping for files being shared between different instance of containers (subsystems), not only for children’s? is it true for current implementation of [single VFS+FS server] <=> [[multiple subsystems]]?
if we want to share effectively files they should be visible with the same «inode» (or similar, depending upon a file system) then instance of file system should be visible from every container via single FS instance. it should handle COW as well.
I think this is exactly what a VFS server component does. It provides a File_system service to which multiple components can connect.
do you have an example of implementation of combination of VFS+FS server and a set of subsystems (at least 2) connected to the single server instance?
- Implementing a container runtime for Genode that sets up a
sub-init to launch the container process with the appropriate VFS and helper components according to the container configuration.
again, same question like above. typically you could use something like tinit (tiny init) for such purposes, while it is not mandatory and for many apps it will work without. but you need to understand what will be with child processes inside container, who will own them after death of parent (or this should not happens and you can use app itself as pseudo init).
Sorry, I was not crystal clear in my terminology. By "sub-init", I meant Genode's init component that we use for spawning subsystems. Honestly, I haven't spent any thought on multi-process containers. I had the impression that most commonly a container merely runs a single process, i.e. does not spawn new processes on its own.
this is not exactly true. while initially containers was developed with such an idea, later it became more complex
imagine build container - it run make inside (which fork gcc which in turn fork cpp then cc1 then as then ls and may be ar/ranlib/objcopy/etc) and if you have make -j4 - then make will run 4 parallel compilation (if Makefile allows). they must use the same file system instance (volume) to process intermediate files like .c -> .i -> .s -> .o -> .out...
returning back to genode and subsystems. how it is implemented in this moment , e.g. how make (native) can run inside genode noux? probably it use libc fork()/exec()/etc together with pthreads? do the processes (threads in genode terminology) share something bu default after start? can I run a bunch of «processes» inside genode in single subsystem which share some services from outside (like VFS+FS)?
more interesting question - do they share single swapping to disk service if need? or every subsystem has own pager with own page file?
I think that if I will have examples of implementation of these features in the way which will be suitable for genode subsystem-per-container model then we can have docker on genode relatively fast.
Sincerely, Alexander