Hey, Michal. On Mon, Apr 22, 2013 at 05:37:30PM +0200, Michal Hocko wrote: > > In fact, I'm planning to disallow changing ownership of cgroup files > > when "sane_behavior" is specified. > > I would be wildly oposing this. Enabling user to play on its own ground > while above levels of the groups enforce the reasonable behavior is very > important use case. We can continue this discussion on the original thread and I'm not too firm on this not because it's a sane use case but because it is an extra measure preventing root from shooting its feet which we traditionally allow. That said, really, no good can come from delegating hierarchy to different security domains. It's already discouraged by the userland best practices doc. Just don't do it. > Tejun, stop this, finally! Current soft limit same as the reworked > version follow the basic nesting rule we use for the hard limit which > says that parent setting is always more strict than its children. > So if you parent says you are hitting the hardlimit (resp. over soft > limit) then children are reclaimed regardless their hard/soft limit > setting. Okay, thanks for making it clear. Then, apparently, the fine folks at google are hopelessly confused because at least Greg and Ying told me something which is the completely opposite of what you're saying. You guys need to sort it out. > It is you being confused and refuse to open the damn documentation and > read what the hack is soft limit and what it is used for. Read the patch > series I was talking about and you will hardly find anything regarding > _guarantee_. Oh, if so, I'm happy. Sorry about being brash on the thread; however, please talk with google memcg people. They have very different interpretation of what "softlimit" is and are using it according to that interpretation. If it *is* an actual soft limit, there is no inherent isolation coming from it and that should be clear to everyone. Thanks. -- tejun -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>