This is an updated version of v2 of this patchset[1]. It includes an improvement to cgroup core to correctly apply the common ancestor cgroup.procs restriction on cgroupv1 hierarchies. This fixes 187fe84067bd ("cgroup: require write perm on common ancestor when moving processes on the default hierarchy"), ensuring that the three guarantees described in the second patch are held for both cgroupv1 and cgroupv2.

In addition, this patchset now includes a way to disable the auto-mode changing functionality. An administrator may disable it on a cgroup-by-cgroup basis by setting the cgroups to have the permissions a-rx.

This update also includes an updated version of the comment describing the guarantees given by Unix directory permissions and cgroup core.

[1]: https://lkml.org/lkml/2016/5/1/87

Aleksa Sarai (2):
  cgroup: apply common ancestor cgroup.procs restriction in cgroupv1
  cgroup: allow management of subtrees by new cgroup namespaces

 kernel/cgroup.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 92 insertions(+), 5 deletions(-)

--
2.8.1