Hello. On Tue, Sep 12, 2023 at 11:30:32AM +0800, Yafang Shao <laoar.shao@xxxxxxxxx> wrote: > With the above changes, I think it can meet most use cases with BPF on cgroup1. > What do you think ? I think the presented use case of LSM hooks is better served by the default hierarchy (see also [1]). Relying on a chosen subsys v1 hierarchy is not systematic. And extending ancestry checking on named v1 hierarchies seems backwards given the existence of the default hierarchy. Michal [1] https://docs.kernel.org/admin-guide/cgroup-v2.html#delegation-containment
Attachment:
signature.asc
Description: PGP signature
