Quoting Tejun Heo (tj@xxxxxxxxxx): > Hello, > > On Tue, Nov 06, 2012 at 11:31:04AM -0600, Serge Hallyn wrote: > > We can't generally require a capability to move tasks between cgroups, > > as that will break currently intended uses. I can create two cgroups, > > chown them to serge, and let serge move between them. > > Sure, then just live with the cgroupfs based permission check. What > next? Should we add CAP_SYS_RESOURCE check to all resource related That would be the next step, yes. > controllers? Moreover, We're headed to unified hierarchy, so in the > end that means only the user with almost all CAP_* can manipulate > cgroups at all making the whole thing meaningless. Why meaningless? Many caps needed to "do everything", but moving a task into the freezer and freezing it, or reducing its allowed memory, would only requiring uid equiv or some limited bit of privilege. > I don't think applying fine-grained CAP_* to cgroup controllers makes > sense or would be useful in any real sense. We can introduce, say, > CAP_CGROUP to control access cgroupfs but I think we already have > enough access control to cgroupfs, don't we? That's the question :) I feel like we need a list of the various uses people have in mind, so we can figure out which ones are supportable... but I know there is the whole long thread I've not had time to keep up with, and many answers are probably there. -serge -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
