lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 19 Apr 2011 16:17:35 +0400
From:	Konstantin Khlebnikov <khlebnikov@...allels.com>
To:	Paul Menage <menage@...gle.com>
CC:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] cpuset: allow empty cpu/node masks

Paul Menage wrote:
> On Tue, Apr 19, 2011 at 1:08 PM, Konstantin Khlebnikov
> <khlebnikov@...allels.com>  wrote:
>> Is cgroup.clone_children=1 planned to be default?
>
> I don't think so. It would be a user-visible API change, for no
> significant benefit.
>
>>
>> So, I just want to make cgroup worked out of the box:
>>
>> mount -t cgroup cgroup /cgroup
>> mkdir /cgroup/foo
>> echo $$>  /cgroup/foo/tasks
>
> Just because cgroups has a very simple filesystem-based ASCII API,
> that doesn't stop it from being a complex and
> barely-human-comprehendable system. :-)
>
> I'm not sure what we gain by making that approach work - to do useful
> stuff with cgroups (rather than simply playing around with moving
> tasks into cgroups) you do need to have a better understanding of
> what's going on. It's not too hard to make the initial instructions
> explain how to only mount the subsystems that you want, or pass the
> clone_children option.
>

Ok, then the problem is that the cgroupfs can be mounted without the
specifying set of subsystems. Thus this operation is unsafe for future compatibily.

I think it is best to oblige all subsystems to initialize their css
by default with reasonable unlimited values or to inherit they from parent.

Currently cpuset is only one cgroup that "does not work by default",
and I see no reason why it should be special.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ