[Devel] [PATCH RH7 2/2] Allow write to several safe cgroup files from CT

Cyrill Gorcunov gorcunov at virtuozzo.com
Mon Mar 21 07:10:19 PDT 2016


On Mon, Mar 21, 2016 at 04:54:41PM +0300, Pavel Tikhomirov wrote:
> Add flag CFTYPE_VEWRITABLE to identify cgroup files writable in CT.
> 
> File memory.use_hierarchy is safe to set in CT and needed by
> systemd, it only makes memory cgroup accounting fully hierarchic.
> 
> Files tasks and cgroup.procs are needed to move tasks to top CT
> cgroups - that is also safe.
> 
> https://jira.sw.ru/browse/PSBM-44981
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> ---

procs are safe 'cause from inside of container we don't have
access to other pid namespaces.

Reviewed-by: Cyrill Gorcunov <gorcunov at openvz.org>

Thank you!

