On Mon 21-09-20 18:06:44, Michal Hocko wrote:
[...]
> Thanks a lot for this clarification! So I believe the only existing bug
> is in documentation which should be explicit that the cgroup fd read
> access is not sufficient because it also requires to have a write access
> for cgroup.procs in the same directory at the time of fork. I will send
> a patch if I find some time for that.

I have reread the man page and concluded that the current wording is not
buggy. It is referring to cgroups(7) which has all the information but it
takes quite some time to drill down to the important point. On the other
hand there are many details (like delegation, namespaces) which make it
quite complex to be concise in clone(2) so it is very likely better to
leave it as it is.

-- 
Michal Hocko
SUSE Labs