Date:   Mon, 18 May 2020 19:55:49 +0200
From:   Christian Brauner <christian@...uner.io>
To:     mtk.manpages@...il.com
Cc:     cgroups@...r.kernel.org, christian.brauner@...ntu.com,
        linux-api@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-man@...r.kernel.org, oleg@...hat.com, tj@...nel.org
Subject: [PATCH v2] clone.2: Document CLONE_INTO_CGROUP

From: Christian Brauner <christian.brauner@...ntu.com>

Signed-off-by: Christian Brauner <christian.brauner@...ntu.com>
---
/* v2 */
- Michael Kerrisk (man-pages) <mtk.manpages@...il.com>:
  - Fix various types and add examples and how to specify the file
    descriptor.
---
 man2/clone.2 | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/man2/clone.2 b/man2/clone.2
index 8b70b78a4..33594ddc5 100644
--- a/man2/clone.2
+++ b/man2/clone.2
@@ -197,6 +197,7 @@ struct clone_args {
     u64 tls;          /* Location of new TLS */
     u64 set_tid;      /* Pointer to a \fIpid_t\fP array */
     u64 set_tid_size; /* Number of elements in \fIset_tid\fP */
+    u64 cgroup;       /* Target cgroup file descriptor for the child process */
 };
 .EE
 .in
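Review bot: the comment on the new cgroup member in struct clone_args is much longer than the comments on the neighbouring members and is likely to overflow the rendered width of the example block; a shorter form such as "File descriptor for target cgroup of child" would fit better. The member is only meaningful together with CLONE_INTO_CGROUP, which the second hunk marks as "since Linux 5.7", so the same version note would be useful here for readers who only look at the struct listing.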
@@ -448,6 +449,48 @@ Specifying this flag together with
 .B CLONE_SIGHAND
 is nonsensical and disallowed.
 .TP
+.BR CLONE_INTO_CGROUP " (since Linux 5.7)"
+.\" commit ef2c41cf38a7559bbf91af42d5b6a4429db8fc68
+By default, the child process will be placed in the same version 2
+cgroup as its parent.
+If this flag is specified the child process will be created in a
+different cgroup than its parent.
+Note, that
+.BR CLONE_INTO_CGROUP
+is limited to version 2 cgroups. To use this feature, callers
+need to raise
+.BR CLONE_INTO_CGROUP
+in
+.I cl_args.flags
+and pass a directory file descriptor (see the
+.BR O_DIRECTORY
+flag for the
+.BR open (2)
+syscall) in the
+.I cl_args.cgroup.
+The caller may also pass an
+.BR O_PATH
+(see
+.BR open (2))
+file descriptor for the target cgroup.
+Note, that all usual version 2 cgroup migration restrictions (see
+.BR cgroups (7)
+for details) apply.
+
+Spawning a process into a cgroup different from the parent's cgroup
+makes it possible for a service manager to directly spawn new
+services into dedicated cgroups. This allows eliminating accounting
+jitter which would be caused by the new process living in the
+parent's cgroup for a short amount of time before being
+moved into the target cgroup. This flag also allows the creation of
+frozen child process by spawning them into a frozen cgroup (see
+.BR cgroups (7)
+for a description of the freezer feature in version 2 cgroups).
+For threaded applications or even thread implementations which
+make use of cgroups to limit individual threads it is possible to
+establish a fixed cgroup layout before spawning each thread
+directly into its target cgroup.
+.TP
 .BR CLONE_DETACHED " (historical)"
 For a while (during the Linux 2.5 development series)
 .\" added in 2.5.32; removed in 2.6.0-test4
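Review bot: in the CLONE_INTO_CGROUP entry, ".I cl_args.cgroup." puts the sentence-ending period inside the italics; ".IR cl_args.cgroup ." keeps only the member name formatted. Related markup points in the same entry: ".BR CLONE_INTO_CGROUP", ".BR O_DIRECTORY" and ".BR O_PATH" each take a single argument and should be ".B"; "Note, that" should read "Note that" in both places; new sentences should start on a new source line ("cgroups. To use this feature", "cgroups. This allows", "cgroup. This flag"); the empty line between the two paragraphs should be a paragraph macro rather than a blank line; and "the creation of frozen child process" needs "a frozen child process". On content, "all usual version 2 cgroup migration restrictions ... apply" leaves the caller without the error clone3() returns when a restriction is hit or when the descriptor does not refer to a version 2 cgroup directory, and the patch adds nothing under ERRORS. A service manager relying on this flag needs those failure cases spelled out, so please add the corresponding ERRORS entries or say explicitly that they will follow.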

base-commit: aa02339ca45030711b42a1af12e3ee3405c1c5c7
-- 
2.26.2
