Re: [PATCH] cgroup/cpuset: Creating or adding CPUs to partition not allowed without privilege

Next message: Sudeep Holla: "[PATCH v2 00/11] firmware: arm_ffa: Fix cleanup, notification, and discovery paths"
Previous message: Anthony Krowiak: "Re: [PATCH v2 00/16] s390/vfio-ap: Add live guest migration support"
In reply to: Tejun Heo: "Re: [PATCH] cgroup/cpuset: Creating or adding CPUs to partition not allowed without privilege"
Next in thread: Waiman Long: "Re: [PATCH] cgroup/cpuset: Creating or adding CPUs to partition not allowed without privilege"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Waiman Long

Date: Tue Apr 28 2026 - 14:33:29 EST

On 4/28/26 11:44 AM, Tejun Heo wrote:

Hello,

On Tue, Apr 28, 2026 at 11:19:16AM -0400, Waiman Long wrote:
...

Thank for the comment. Yes, that can be a valid configuration.

One possible workaround may be to see if the current user has write access
to its parent partition root. If so, we can allow it to create a
sub-partition, if not, we will forbid it.

I think this whole thing is a confusion. First of all, resource knobs in any
given cgroup is owned by the parent. Delegations where the perm to a
resource knob is given to delegatee is not supported and expected to affect
resource distribution w.r.t. its siblings. Partition isn't special in this
regard. memory.low or min can create similar effects. Maybe I'm missing
something but I don't see anything happening that's not supposed to happen.

You are right. I am a bit confused about the exact delegation rules. After reading the delegation section of the cgroup-v2.rst file, I realize that the current behavior should be OK. For clarity, I am planning to send a documentation patch to clarify the current partition delegation behavior.

Thanks,
Longman