Re: [PATCH] capabilities: add capability cgroup controller

From: Andrew Morton
Date: Thu Jun 23 2016 - 19:46:22 EST


On Thu, 23 Jun 2016 18:07:10 +0300 Topi Miettinen <toiwoton@xxxxxxxxx> wrote:

> There are many basic ways to control processes, including capabilities,
> cgroups and resource limits. However, there are far fewer ways to find
> out useful values for the limits, except blind trial and error.
>
> Currently, there is no way to know which capabilities are actually used.
> Even the source code is only implicit; in-depth knowledge of each
> capability must be used when analyzing a program to judge which
> capabilities the program will exercise.
>
> Add a new cgroup controller for monitoring of capabilities
> in the cgroup.

I'm having trouble understanding how valuable this feature is to our
users, and that's a rather important thing!

Perhaps it would help if you were to explain your motivation:
particular use cases which benefited from this, for example.