[Devel] Re: [RFC][PATCH] IP address restricting cgroup subsystem
Grzegorz Nosek
root at localdomain.pl
Wed Jan 7 01:37:01 PST 2009
On Wed, Jan 07, 2009 at 05:33:49 +0800, Li Zefan wrote:
> >> The root cgroup is read-only, so the tasks in it always bind to INADDR_ANY.
> >> For other cgroups, write is allowed only if it has no children and the
> >> parent is INADDR_ANY.
> >
> > Yes, I like that. Will update the patch. I assume that I must check
> > list_empty(&cgroup->children)?
>
> Yes.
>
> > Should I use cgroup_lock()/cgroup_unlock()
>
> Yes.
>
> > or other locking? I think it will be safe to do without locks but would
> > rather get some expert advice.
> >
>
> No. Without locks, it races with mkdir.
>
> =============
>
> //cgroup_lock();
>
> if (list_empty(&cgrp->children) &&
> parent->ipv4_addr == INADDR_ANY)
> <--- mkdir()
> ipcgroup->ipv4_addr = new_addr;
>
> //cgroup_unlock();
>
> ==============
>
> In the above case, ipcgroup->ipv4_addr = new_addr,
> but child_cgroup->ipv4_addr == INADDR_ANY, which is not expected.
I see. Thanks a lot!
Best regards,
Grzegorz Nosek
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
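
The interleaving sketched in the quoted reply, replayed deterministically in a user-space model. This is an added example, not code from the patch or from either poster. The `ipcg` struct, the boolean standing in for `cgroup_lock()`, and the rule that a new child copies its parent's address are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

#define ADDR_ANY 0u              /* stands in for INADDR_ANY */

struct ipcg { struct ipcg *parent; int nr_children; uint32_t addr; };

static bool hier_locked;         /* models cgroup_lock()/cgroup_unlock() */

/* mkdir path: needs the hierarchy lock. Assumed rule: the new child copies
 * its parent's address. Returns false when it would have to wait. */
static bool model_mkdir(struct ipcg *parent, struct ipcg *child)
{
    if (hier_locked)
        return false;
    child->parent = parent;
    child->nr_children = 0;
    child->addr = parent->addr;
    parent->nr_children++;
    return true;
}

/* Address write. `racer` is a mkdir replayed at the "<--- mkdir()" point. */
static int set_addr(struct ipcg *cg, uint32_t new_addr, bool take_lock,
                    struct ipcg *racer)
{
    bool waiting = false;
    int ret = -1;                /* write refused */

    hier_locked = take_lock;
    if (cg->nr_children == 0 && cg->parent && cg->parent->addr == ADDR_ANY) {
        waiting = racer && !model_mkdir(cg, racer);
        cg->addr = new_addr;
        ret = 0;
    }
    hier_locked = false;
    if (waiting)
        model_mkdir(cg, racer);  /* blocked mkdir proceeds after unlock */
    return ret;
}

/* Replays the interleaving; true means the child ended up unrestricted
 * under a restricted parent. */
static bool child_escapes(bool take_lock)
{
    struct ipcg root = { NULL, 1, ADDR_ANY };
    struct ipcg cg = { &root, 0, ADDR_ANY }, child = { 0 };

    set_addr(&cg, 0x0a000001u, take_lock, &child);   /* 10.0.0.1, constructed */
    return cg.addr != ADDR_ANY && child.addr == ADDR_ANY;
}
```

Without the lock the child is created between the check and the assignment and keeps the wildcard address; with the lock held across both, the mkdir runs afterwards and picks up the restricted address.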