Right now, if we mount cgroup in the container, we will get the host's cgroup information, and we can even change the host's cgroup from inside the container. So the resource controller of the container will lose effectiveness.

This patchset tries to add container support for cgroup. The main idea is allocating a cgroup super-block for each cgroup mounted in a different pid namespace.

The top cgroup of the container will share css with the host. When the cgroup is being mounted in the container, the tasks in this container will be attached to this newly mounted hierarchy's top cgroup, and when unmounting cgroup in the container, these tasks will be attached back to the host's cgroup.

Since the container can change the shared css through its cgroup subsystem files, patch 7/8 disables the write permission of the container's top cgroup files. In my TODO list, the container will have its own css, and this problem will disappear.

This patchset is sent as an RFC; any comments are welcome. Maybe this isn't the best solution; if you have a better solution, please let me know.

Gao feng (9):
  cgroup: introduce cgroupfs_root flag ROOT_NAMESPACE
  cgroup: introduce the top root
  cgroup: use root->top_root instead of root
  introduce helper function cgroup_in_root
  cgroup: add container support for cgroup
  pidns: move next_tgid to kernel/pid.c
  cgroup: attach container's tasks to proper cgroup
  cgroup: disallow container to change top cgroup's subsys files
  cgroup: rework cgroup_path

 fs/proc/base.c        |   43 ------
 include/linux/sched.h |    8 +
 kernel/cgroup.c       |  344 ++++++++++++++++++++++++++++++++++++++----------
 kernel/pid.c          |   39 ++++++
 4 files changed, 319 insertions(+), 115 deletions(-)

--
1.7.7.6

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers