On Mon, Jan 10, 2022 at 10:55:54AM -0800, Hao Luo wrote: > > I see. With attach API, are we also able to specify some attributes > for the attachment? For example, a property that we may want is: let > descendent cgroups inherit their parent cgroup's programs. Plenty of interesting ideas in this thread. Thanks for kicking it off. Maybe we should move it to office hours? The back and forth over email can take some time. It sounds to me that "let descendents inherit" is a mandatory feature. In that sense "allow attach in kernfs" is not a feature. It feels that it's creating more problems for the design. Creating a "catable" file inside cgroup directory that descedents inherit with the same name is a cgroup specific feature. Inherit or not can be a flag, but the inheritance needs to be designed from the start. echo "rm" is not pretty. fsnotify feels a bit hacky. Maybe pinning in cgroupfs will avoid both issues? We can have normal unlink implemented there. The attach bpf_sys cmd as-is won't work. It needs a name at least. That will make it look like obj_pin cmd. So probably better to make obj_pin work when path is inside cgroupfs and use file_flags for inherit or not. The patch 8 gives a glimpse of how the bpf prog will look like. Can you make it more realistic? Do you need to walk cgroup children? Or all processes in a cgroup? Will we need css_for_each_descendant() as a bpf helper?
