[Devel] [PATCH RH7 2/2] Allow write to several safe cgroup files from CT
Cyrill Gorcunov
gorcunov at virtuozzo.com
Mon Mar 21 07:10:19 PDT 2016
On Mon, Mar 21, 2016 at 04:54:41PM +0300, Pavel Tikhomirov wrote:
> Add flag CFTYPE_VEWRITABLE to identify cgroup files writable in CT.
>
> File memory.use_hierarchy is safe to set in CT and needed by
> systemd, it only makes memory cgroup accounting fully hierarchic.
>
> Files tasks and cgroup.procs are needed to move tasks to top CT
> cgroups - that is also safe.
>
> https://jira.sw.ru/browse/PSBM-44981
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> ---
procs are safe 'cause from inside of container we don't have
access to nother pid namespaces.
Reviewed-by: Cyrill Gorcunov <gorcunov at openvz.org>
Thank you!
More information about the Devel
mailing list