Cgroup id is becoming a new way for userspace to refer to cgroups it wants to act upon. As opposed to cgroupfs (paths, opened FDs), the current approach does not reflect the limited view by (non-init) cgroup namespaces.

These patches don't aim to limit what a user can do (consider a uid=0 in mere cgroup namespace) but to provide a consistent view within a namespace.

The series is based on bpf-next with the new cgroup_iter. I've only boot-tested it (especially I didn't run the BPF selftest).

Michal Koutný (4):
  cgroup: Honor caller's cgroup NS when resolving path
  cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
  cgroup: Homogenize cgroup_get_from_id() return value
  cgroup/bpf: Honor cgroup NS in cgroup_iter for ancestors

 block/blk-cgroup-fc-appid.c |  4 +--
 include/linux/cgroup.h      |  8 +++---
 kernel/bpf/cgroup_iter.c    |  9 ++++---
 kernel/cgroup/cgroup.c      | 53 ++++++++++++++++++++++++++++---------
 mm/memcontrol.c             |  4 +--
 5 files changed, 54 insertions(+), 24 deletions(-)

base-commit: 343949e10798a52c6d6a14effc962e010ed471ae
--
2.37.0