On Thu, Aug 25, 2022 at 10:58:26AM -0700, Hao Luo <haoluo@xxxxxxxxxx> wrote:
> Permission is a valid point about FD. There was discussion in an
> earlier version of this patch series [0].
(I'm sorry, I didn't follow all the version discussions closely.)
I think the permissions are a non-issue when unprivileged BPF is
disabled. If it's allowed, I think it'd be better solved generally
within the BPF iterator framework. (Maybe it's already present, I didn't
check.)
(OT:
> The good thing about ID is that it can be passed across processes
FDs can be passed too (parent-child trivially, others via SCM_RIGHTS
message).
> and it's meaningful to appear in logs. It's more user-friendly.
I'd say cgroup path wins both in meaning and user friendliness.
(Or maybe you meant different class of users.)
)
> So we decided to support both.
I accept cgroup ids are an establish{ing,ed} way to refer to cgroups
from userspace. Hence my fixups for the BPF cgroup iter (another thread)
for better namespacing consisntency.
Thanks,
Michal
Attachment:
signature.asc
Description: Digital signature
