lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Jan 2018 23:18:48 +0100
From:   "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     mtk.manpages@...il.com, Peter Zijlstra <peterz@...radead.org>,
        cgroups@...r.kernel.org, lkml <linux-kernel@...r.kernel.org>,
        linux-man <linux-man@...r.kernel.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Mike Galbraith <efault@....de>, Li Zefan <lizefan@...wei.com>,
        Ingo Molnar <mingo@...hat.com>, Paul Turner <pjt@...gle.com>,
        kernel-team@...com, Andy Lutomirski <luto@...capital.net>,
        Johannes Weiner <hannes@...xchg.org>,
        Lauro Venancio <lvenanci@...hat.com>,
        Waiman Long <longman@...hat.com>
Subject: Re: cgroups(7): documenting cgroups v2 thread mode

Hello Tejun,

On 01/10/2018 03:47 PM, Tejun Heo wrote:
> Hello,
> 
> On Tue, Jan 09, 2018 at 11:54:03PM +0100, Michael Kerrisk (man-pages) wrote:
>> One more thing. I added the following sentence to the text:
>>
>>        The  cgroup.threads file is writable only for the cgroups inside a
>>        threaded subtree.
>>
>> Can you confirm that that is correct, please.
> 
> The only extra restriction is that the domain cgroup must be the same
> for the source and destination, which is true for the entire threaded
> subtree (the threaded domain).  As each domain cgroup is its own
> unique domain, cgroup.threads in them would only allow migrating to
> self which is a noop; otherwise, it'd return -EOPNOTSUPP.

Ahh yes. Now I understand. I made the description of the containment
rules for cgroup.threads more explicit in the text:

       As with writing to cgroup.procs, some containment rules apply when
       writing to the cgroup.threads file:

       *  The  writer  must  have  write permission on the cgroup.threads
          file in the destination cgroup.

       *  The writer must have write permission on the cgroup.procs  file
          in  the  common ancestor of the source and destination cgroups.
          (In some cases, the common ancestor may be the source or desti‐
          nation cgroup itself.)

       *  The source and destination cgroups must be in the same threaded
          subtree.  (Outside a threaded subtree, an  attempt  to  move  a
          thread by writing its thread ID to the cgroup.threads in a dif‐
          ferent domain cgroup fails with the error EOPNOTSUPP.)

Okay? (I realize that the last bullet point is a rather different way of
formulating your idea that "the only extra restriction is that the domain
cgroup must be the same for the source and destination". But I think the
reformulation is easier to understand, no?)

Cheers,

Michael

-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ