lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170625042717.GA14158@htj.duckdns.org>
Date:   Sun, 25 Jun 2017 00:27:17 -0400
From:   Tejun Heo <tj@...nel.org>
To:     Li Zefan <lizefan@...wei.com>, Johannes Weiner <hannes@...xchg.org>
Cc:     cgroups@...r.kernel.org, Aravind Anbudurai <aru7@...com>,
        linux-kernel@...r.kernel.org
Subject: [1/3] cgroup: "cgroup.subtree_control" should be writeable by
 delegatee

"cgroup.subtree_control" determines which resource types a cgroup
wants to control.  Unlike actual resource knobs, this is an attribute
which belongs to the cgroup itself instead of its parent and thus
should be writeable by the delegatee in a delegated cgroup.

Update delegation documentation accordingly.

Signed-off-by: Tejun Heo <tj@...nel.org>
---
 Documentation/cgroup-v2.txt |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- a/Documentation/cgroup-v2.txt
+++ b/Documentation/cgroup-v2.txt
@@ -309,10 +309,11 @@ file.
 2-5-1. Model of Delegation
 
 A cgroup can be delegated to a less privileged user by granting write
-access of the directory and its "cgroup.procs" file to the user.  Note
-that resource control interface files in a given directory control the
-distribution of the parent's resources and thus must not be delegated
-along with the directory.
+access of the directory and its "cgroup.procs" and
+"cgroup.subtree_control" files to the user.  Note that resource
+control interface files in a given directory control the distribution
+of the parent's resources and thus must not be delegated along with
+the directory.
 
 Once delegated, the user can build sub-hierarchy under the directory,
 organize processes as it sees fit and further distribute the resources

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ