Originally posted by k1e0x
The basic problem is that a lot of people think that isolation of processes is a solved game like tic-tac-toe, something you can engineer a solution for because you understand the whole problem space. With isolating applications, from the different benchmark failures it is clear those have not found the perfect solution, and that means every solution so far has missed something about the problem space.
Basically, your ideas are right if we have successfully solved the problem space of how to isolate applications. If we have solved how to isolate applications properly, zones, jails, cgroup/namespace... under any workload should be better than a VM and minorly worse than bare metal. The problem is that benchmarks don't tell this story. Instead, the benchmarks tell the story that those systems are at times worse than a VM, so we have not solved it yet.
While how to do something is not properly solved, you cannot engineer a perfect solution either. It's like why you make a prototype and refine it before you engineer the final product as well.
Of course, someone could get lucky and engineer the correct solution, or the Linux kernel's chaos development model could try enough different things to point to where the correct solution is as well.