[Devel] Re: [PATCH] Relax ns_can_attach checks to allow attaching to grandchild cgroups
Grzegorz Nosek
root at localdomain.pl
Fri Dec 19 15:03:30 PST 2008
On pią, gru 19, 2008 at 04:23:04 -0600, Serge E. Hallyn wrote:
> Quoting Andrew Morton (akpm at linux-foundation.org):
> > (cc containers at lists.osdl.org)
> >
> > Please don't send patches via private email!
My apologies.
> I trust (since you're not removing it) that the restriction that
> the target cgroup be empty is not a problem?
Sigh, good catch. I'm building my lxc-based environment slowly and I'm
only testing the most basic stuff currently, so I'd bug you about it
eventually.
Frankly, I don't understand the reason behind these restrictions and
feel like I'm missing some important piece of a puzzle. In my tests all
the tasks in question are living in the same namespace (though it won't
always be so), so I'd guess I should be able to move the tasks freely
between cgroups. Why exactly does the target cgroup have to be empty?
Also, should we remember the task->nsproxy pointer in the cgroup data
and ignore hierarchy if it matches? I guess it would be safe to store
the raw pointer without refcounting it in any way as we'd never
dereference it (could keep it as uintptr_t to reinforce the idea) but
only compare with another pointer.
Does that make any sense? Or should I simply mount the cgroup fs without
the ns subsystem and forget the whole thing? What exactly do I lose by
doing so?
> Also, 'rule 1' in the comment above ns_can_attach should be modified
> accordingly (s/child/descendant).
Indeed. Will resend after receiving some enlightenment about the above.
Thank you for your comments.
Best regards,
Grzegorz Nosek
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list