Hello, On Wed, Jan 09, 2019 at 10:10:25AM +0100, Ondrej Mosnacek wrote: > The main motivation for this change is that the userspace users of cgroupfs > (which is built on kernfs) expect the usual security context inheritance > to work under SELinux (see [1] and [2]). This functionality is required for > better confinement of containers under SELinux. Can you please go into details on what the expected use cases are like for cgroupfs? It shows up as a filesystem but isn't a real one and has its own permission scheme for delegation and stuff. If sysfs hasn't needed selinux support, I'm having a bit of difficulty seeing why cgroupfs would. Thanks. -- tejun
