From: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: John Stultz <john.stultz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Cc: Michael Kerrisk
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
lkml <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>,
Jonathan Corbet <corbet-T1hC0tSOHrs@public.gmane.org>,
"open list:CONTROL GROUP (CGROUP)"
<cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Android Kernel Team
<kernel-team-z5hGa2qSFaRBDgjK7y7TUQ@public.gmane.org>,
Rom Lemarchand <romlem-z5hGa2qSFaRBDgjK7y7TUQ@public.gmane.org>,
Colin Cross <ccross-z5hGa2qSFaRBDgjK7y7TUQ@public.gmane.org>,
Dmitry Shmidt <dimitrysh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Todd Kjos <tkjos-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Christian Poetzsch
<christian.potzsch-1AXoQHu6uovQT0dZR+AlfA@public.gmane.org>,
Amit Pundir <amit.pundir-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
Dmitry Torokhov
<dmitry.torokhov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
"Serge E . Hallyn"
<serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH v5] cgroup: Add new capability to allow a process to migrate other tasks between cgroups
Date: Tue, 13 Dec 2016 13:40:57 -0500 [thread overview]
Message-ID: <20161213184057.GA17672@htj.duckdns.org> (raw)
In-Reply-To: <CALAqxLVz4WH5T7mjD1U5XG1pWQCJqsO2LWYcpJ+xDPjRb9QMig-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
Hello,
On Tue, Dec 13, 2016 at 08:08:16AM -0800, John Stultz wrote:
> On Tue, Dec 13, 2016 at 1:47 AM, Michael Kerrisk (man-pages)
> <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > On 13 December 2016 at 02:39, John Stultz <john.stultz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org> wrote:
> > So, back to the discussion of silos. I understand the argument for
> > wanting a new silo. But, in that case can we at least try not to make
> > it a single-use silo?
> >
> > How about CAP_CGROUP_CONTROL or some such, with the idea that this
> > might be a capability that allows the holder to step outside usual
> > cgroup rules? At the moment, that capability would allow only one such
> > step, but maybe there would be others in the future.
>
> This sounds reasonable to me. Tejun/Andy: Objections?
Control group control? The word control has a specific meaning for
cgroups and that second control doesn't make much sense to me. Given
how this is mostly to patch up a hole in v1's delegation model and how
migration operations are different from others, I doubt that we will
end up overloading it. Maybe just CAP_CGROUP?
Thanks.
--
tejun
WARNING: multiple messages have this Message-ID (diff)
From: Tejun Heo <tj@kernel.org>
To: John Stultz <john.stultz@linaro.org>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>,
lkml <linux-kernel@vger.kernel.org>,
Li Zefan <lizefan@huawei.com>, Jonathan Corbet <corbet@lwn.net>,
"open list:CONTROL GROUP (CGROUP)" <cgroups@vger.kernel.org>,
Android Kernel Team <kernel-team@android.com>,
Rom Lemarchand <romlem@android.com>,
Colin Cross <ccross@android.com>,
Dmitry Shmidt <dimitrysh@google.com>,
Todd Kjos <tkjos@google.com>,
Christian Poetzsch <christian.potzsch@imgtec.com>,
Amit Pundir <amit.pundir@linaro.org>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Kees Cook <keescook@chromium.org>,
"Serge E . Hallyn" <serge@hallyn.com>,
Andy Lutomirski <luto@amacapital.net>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH v5] cgroup: Add new capability to allow a process to migrate other tasks between cgroups
Date: Tue, 13 Dec 2016 13:40:57 -0500 [thread overview]
Message-ID: <20161213184057.GA17672@htj.duckdns.org> (raw)
In-Reply-To: <CALAqxLVz4WH5T7mjD1U5XG1pWQCJqsO2LWYcpJ+xDPjRb9QMig@mail.gmail.com>
Hello,
On Tue, Dec 13, 2016 at 08:08:16AM -0800, John Stultz wrote:
> On Tue, Dec 13, 2016 at 1:47 AM, Michael Kerrisk (man-pages)
> <mtk.manpages@gmail.com> wrote:
> > On 13 December 2016 at 02:39, John Stultz <john.stultz@linaro.org> wrote:
> > So, back to the discussion of silos. I understand the argument for
> > wanting a new silo. But, in that case can we at least try not to make
> > it a single-use silo?
> >
> > How about CAP_CGROUP_CONTROL or some such, with the idea that this
> > might be a capability that allows the holder to step outside usual
> > cgroup rules? At the moment, that capability would allow only one such
> > step, but maybe there would be others in the future.
>
> This sounds reasonable to me. Tejun/Andy: Objections?
Control group control? The word control has a specific meaning for
cgroups and that second control doesn't make much sense to me. Given
how this is mostly to patch up a hole in v1's delegation model and how
migration operations are different from others, I doubt that we will
end up overloading it. Maybe just CAP_CGROUP?
Thanks.
--
tejun
next prev parent reply other threads:[~2016-12-13 18:40 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-13 1:39 [PATCH v5] cgroup: Add new capability to allow a process to migrate other tasks between cgroups John Stultz
2016-12-13 1:39 ` John Stultz
[not found] ` <1481593143-18756-1-git-send-email-john.stultz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
2016-12-13 1:40 ` John Stultz
2016-12-13 1:40 ` John Stultz
2016-12-13 9:47 ` Michael Kerrisk (man-pages)
2016-12-13 9:47 ` Michael Kerrisk (man-pages)
2016-12-13 16:08 ` John Stultz
[not found] ` <CALAqxLVz4WH5T7mjD1U5XG1pWQCJqsO2LWYcpJ+xDPjRb9QMig-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-12-13 18:40 ` Tejun Heo [this message]
2016-12-13 18:40 ` Tejun Heo
[not found] ` <20161213184057.GA17672-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2016-12-13 18:47 ` John Stultz
2016-12-13 18:47 ` John Stultz
2016-12-13 18:53 ` Tejun Heo
2016-12-13 16:39 ` Casey Schaufler
[not found] ` <221e80bd-3d99-6c35-dcd3-b2547f0abb11-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2016-12-13 16:49 ` John Stultz
2016-12-13 16:49 ` John Stultz
[not found] ` <CALAqxLWaJT=a1Cc2Ja8ZuazjJYi3a2WW9ATB0NFP8670Dyq6bg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-12-13 17:17 ` Casey Schaufler
2016-12-13 17:17 ` Casey Schaufler
[not found] ` <f7ccb39f-bad8-4a78-c796-90927b839494-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2016-12-13 17:24 ` John Stultz
2016-12-13 17:24 ` John Stultz
2016-12-13 17:48 ` Casey Schaufler
2016-12-13 17:48 ` Casey Schaufler
[not found] ` <4c60e1be-c00a-5f26-f5de-7d32b9cb0f62-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2016-12-13 18:13 ` John Stultz
2016-12-13 18:13 ` John Stultz
[not found] ` <CALAqxLUbrO+vzrwgK8_yZS-uru7redOdJCAe2=yA34gwPGC2CQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-12-13 18:32 ` Casey Schaufler
2016-12-13 18:32 ` Casey Schaufler
2016-12-13 18:47 ` Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161213184057.GA17672@htj.duckdns.org \
--to=tj-dgejt+ai2ygdnm+yrofe0a@public.gmane.org \
--cc=amit.pundir-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=ccross-z5hGa2qSFaRBDgjK7y7TUQ@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=christian.potzsch-1AXoQHu6uovQT0dZR+AlfA@public.gmane.org \
--cc=corbet-T1hC0tSOHrs@public.gmane.org \
--cc=dimitrysh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=dmitry.torokhov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=john.stultz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=kernel-team-z5hGa2qSFaRBDgjK7y7TUQ@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=romlem-z5hGa2qSFaRBDgjK7y7TUQ@public.gmane.org \
--cc=serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org \
--cc=tkjos-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.