On Mon, Jan 10, 2022 at 7:33 PM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote: > > On Mon, Jan 10, 2022 at 10:55:54AM -0800, Hao Luo wrote: > > > > I see. With attach API, are we also able to specify some attributes > > for the attachment? For example, a property that we may want is: let > > descendent cgroups inherit their parent cgroup's programs. > > Plenty of interesting ideas in this thread. Thanks for kicking it off. > Maybe we should move it to office hours? > The back and forth over email can take some time. No problem. Requested a time on Thursday (1/13/22). > It sounds to me that "let descendents inherit" is a mandatory feature. > In that sense "allow attach in kernfs" is not a feature. It feels that > it's creating more problems for the design. > Creating a "catable" file inside cgroup directory that descedents inherit > with the same name is a cgroup specific feature. > Inherit or not can be a flag, but the inheritance needs to be designed > from the start. > > echo "rm" is not pretty. > fsnotify feels a bit hacky. > Maybe pinning in cgroupfs will avoid both issues? > We can have normal unlink implemented there. > > The attach bpf_sys cmd as-is won't work. It needs a name at least. > That will make it look like obj_pin cmd. So probably better to make > obj_pin work when path is inside cgroupfs and use file_flags for > inherit or not. > The patch 8 gives a glimpse of how the bpf prog will look like. > Can you make it more realistic? > Do you need to walk cgroup children? Or all processes in a cgroup? > Will we need css_for_each_descendant() as a bpf helper?
