[PATCH v2 1/2] cgroups: add documentation on extended attributes usage

From: Aristeu Rozanski
Date: Tue Sep 11 2012 - 16:28:29 EST

Next message: Aristeu Rozanski: "[PATCH v2 2/2] fs: add missing documentation to simple_xattr functions"
Previous message: Aristeu Rozanski: "[PATCH v2 0/2] cgroups: add documentation on extended attributes and simple_xattr functions"
In reply to: Aristeu Rozanski: "[PATCH v2 0/2] cgroups: add documentation on extended attributes and simple_xattr functions"
Next in thread: Li Zefan: "Re: [PATCH v2 1/2] cgroups: add documentation on extended attributesusage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

v2: update cgroups.txt instead of creating a new file

Cc: Li Zefan <lizefan@xxxxxxxxxx>
Cc: Tejun Heo <tj@xxxxxxxxxx>
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: Hillf Danton <dhillf@xxxxxxxxx>
Cc: Lennart Poettering <lpoetter@xxxxxxxxxx>
Signed-off-by: Aristeu Rozanski <aris@xxxxxxxxxx>

---
Documentation/cgroups/cgroups.txt | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)

Index: github/Documentation/cgroups/cgroups.txt
===================================================================
--- github.orig/Documentation/cgroups/cgroups.txt 2012-08-16 10:24:48.437596817 -0400
+++ github/Documentation/cgroups/cgroups.txt 2012-09-07 10:23:19.974357952 -0400
@@ -29,7 +29,8 @@
3.1 Overview
3.2 Synchronization
3.3 Subsystem API
-4. Questions
+4. Extended attributes usage
+5. Questions

1. Control Groups
=================
@@ -650,7 +651,26 @@
the default hierarchy (which never has sub-cgroups) and a hierarchy
that is being created/destroyed (and hence has no sub-cgroups).

-4. Questions
+4. Extended attribute usage
+===========================
+
+cgroup filesystem supports certain types of extended attributes in its
+directories and files. The current supported types are:
+ - Trusted (XATTR_TRUSTED)
+ - Security (XATTR_SECURITY)
+
+Both require CAP_SYS_ADMIN capability to set.
+
+Like in tmpfs, the extended attributes in cgroup filesystem are stored
+using kernel memory and it's advised to keep the usage at minimum. This
+is the reason why user defined extended attributes are not supported, since
+any user can do it and there's no limit in the value size.
+
+The current known users for this feature are SELinux to limit cgroup usage
+in containers and systemd for assorted meta data like main PID in a cgroup
+(systemd creates a cgroup per service).
+
+5. Questions
============

Q: what's up with this '/bin/echo' ?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Aristeu Rozanski: "[PATCH v2 2/2] fs: add missing documentation to simple_xattr functions"
Previous message: Aristeu Rozanski: "[PATCH v2 0/2] cgroups: add documentation on extended attributes and simple_xattr functions"
In reply to: Aristeu Rozanski: "[PATCH v2 0/2] cgroups: add documentation on extended attributes and simple_xattr functions"
Next in thread: Li Zefan: "Re: [PATCH v2 1/2] cgroups: add documentation on extended attributesusage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]