| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aEcTykJBgyyYYVAR@slm.duckdns.org> Date: Mon, 9 Jun 2025 07:03:06 -1000 From: Tejun Heo <tj@...nel.org> To: Johannes Weiner <hannes@...xchg.org> Cc: Vlastimil Babka <vbabka@...e.cz>, Matthew Wilcox <willy@...radead.org>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, Andrew Morton <akpm@...ux-foundation.org>, Shakeel Butt <shakeel.butt@...ux.dev>, "Liam R . Howlett" <Liam.Howlett@...cle.com>, David Hildenbrand <david@...hat.com>, Jann Horn <jannh@...gle.com>, Arnd Bergmann <arnd@...db.de>, Christian Brauner <brauner@...nel.org>, SeongJae Park <sj@...nel.org>, Usama Arif <usamaarif642@...il.com>, Mike Rapoport <rppt@...nel.org>, Barry Song <21cnbao@...il.com>, linux-mm@...ck.org, linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org, linux-api@...r.kernel.org, Pedro Falcato <pfalcato@...e.de> Subject: Re: [DISCUSSION] proposed mctl() API Hello, On Thu, Jun 05, 2025 at 08:31:56AM -0400, Johannes Weiner wrote: > On Wed, Jun 04, 2025 at 08:19:28AM -0400, Johannes Weiner wrote: > > On Fri, May 30, 2025 at 12:31:35PM +0200, Vlastimil Babka wrote: ... > > > I've just read the previous threads about Barry's proposal and if doing this > > > always isn't feasible, I'm wondering if memcg would be a better interface to > > > opt-in for this kind of behavior than both prctl or mctl. I think at least > > > conceptually it fits what memcg is doing? The question is if the > > > implementation would be feasible, and if android puts apps in separate memcgs... > > > > CCing Tejun. > > > > Cgroups has been trying to resist flag settings like these. The cgroup > > tree is a nested hierarchical structure designed for dividing up > > system resources. But flag properties don't have natural inheritance > > rules. What does it mean if the parent group says one thing and the > > child says another? Which one has precedence? > > > > Hence the proposal to make it a per-process property that propagates > > through fork() and exec(). This also enables the container usecase (by > > setting the flag in the container launching process), without there > > being any confusion what the *effective* setting for any given process > > in the system is. +1. If something can work as something which gets inherited through the process hierarchy, that's usually the better choice than making it a cgroup property. There isn't much to be gained by making them cgroup properties especially given that cgroup hierarchy, in most systems at this point, is a degenerated process hierarchy. Thanks. -- tejun
Powered by blists - more mailing lists