On Mon, Feb 06, 2023 at 11:42:12AM -1000, Tejun Heo wrote: > The flip side is that on vast majority of configurations, cgroup hierarchy > more or less coincides with process tree which has the benefit of being > available regardless of cgroups, so in a lot of cases, it can be better to > just go the traditional way and tie these things to the process tree. In case it wasn't clear - use the misc controller to restrict which cgroups can get how many but as for sharing domain, use more traditional mechanisms whether that's sharing through cloning, fd passing, shared path with perm checks or whatever. Thanks. -- tejun
