Tejun, Thanks for the quick response. > In case it wasn't clear - use the misc controller to restrict which cgroups > can get how many but as for sharing domain, use more traditional mechanisms > whether that's sharing through cloning, fd passing, shared path with perm > checks or whatever. That's always an option. But feels like a lot of complexity during setup that I'd like to explore ways to avoid. Some extra details of a workload that will use these shared virtual windows. Imagine some AI training application with one process running per core on a server with a hundred or so cores. Each of these processes wants periodically to share work so far on a subset of the problem with one or more other processes. The "virtual windows" allow an accelerator device to copy data between a region in the source process (the owner of the virtual window) and another process that needs to access/supply updates. Process tree is easy if the test is just "do these two tasks have the same getppid()?" Seems harder if the process tree is more complex and I want "Are these two processes both descended from a particular common ancestor?" Using fd passing would involve an O(N^2) step where each process talks to each other process in turn to complete a link in the mesh of connections. This would need to be repeated if additional processes are started. It would be much nicer to have an operation that matches what the applications want to do, namely "I want to broadcast-share this with all my peers". [N.B. I've suggested that these folks should just re-write their applications to simply attach to a giant blob of shared memory, and thus avoid all of this. But that doesn't fit for various reasons] -Tony