[PATCH v3 0/2] cgroup: allow management of subtrees by new cgroup namespaces

From: Aleksa Sarai
Date: Mon May 02 2016 - 10:02:01 EST

Next message: Aleksa Sarai: "[PATCH v3 1/2] cgroup: apply common ancestor cgroup.procs restriction in cgroupv1"
Previous message: Rob Herring: "Re: [PATCH] of: include errno.h in of_graph.h"
Next in thread: Aleksa Sarai: "[PATCH v3 1/2] cgroup: apply common ancestor cgroup.procs restriction in cgroupv1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is an updated version of v2 of this patchset[1]. It includes an
improvement to cgroup core to correctly apply the common ancestor
cgroup.procs restriction on cgroupv1 hierarchies. This fixes
187fe84067bd ("cgroup: require write perm on common ancestor when moving
processes on the default hierarchy"), ensuring that the three guarantees
described in the second patch are held for both cgroupv1 and cgroupv2.

In addition, this patchset now includes a way to disable the auto-mode
changing functionality. An administrator may disable it on a
cgroup-by-cgroup basis by setting the cgroups to have the permissions
a-rx. This update also includes an updated version of the comment
describing the guarantees given by Unix directory permissions and cgroup
core.

[1]: https://lkml.org/lkml/2016/5/1/87

Aleksa Sarai (2):
cgroup: apply common ancestor cgroup.procs restriction in cgroupv1
cgroup: allow management of subtrees by new cgroup namespaces

kernel/cgroup.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 92 insertions(+), 5 deletions(-)

--
2.8.1

Next message: Aleksa Sarai: "[PATCH v3 1/2] cgroup: apply common ancestor cgroup.procs restriction in cgroupv1"
Previous message: Rob Herring: "Re: [PATCH] of: include errno.h in of_graph.h"
Next in thread: Aleksa Sarai: "[PATCH v3 1/2] cgroup: apply common ancestor cgroup.procs restriction in cgroupv1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]