| From: |
| Michal Koutný <mkoutny-AT-suse.com> |
| To: |
| linux-kernel-AT-vger.kernel.org, cgroups-AT-vger.kernel.org, bpf-AT-vger.kernel.org |
| Subject: |
| [PATCH 0/4] Honor cgroup namespace when resolving cgroup id |
| Date: |
| Fri, 26 Aug 2022 18:52:34 +0200 |
| Message-ID: |
| <20220826165238.30915-1-mkoutny@suse.com> |
| Cc: |
| Tejun Heo <tj-AT-kernel.org>, Aditya Kali <adityakali-AT-google.com>, Serge Hallyn <serge.hallyn-AT-canonical.com>, Roman Gushchin <roman.gushchin-AT-linux.dev>, Yonghong Song <yhs-AT-fb.com>, Muneendra Kumar <muneendra.kumar-AT-broadcom.com>, Yosry Ahmed <yosryahmed-AT-google.com>, Hao Luo <haoluo-AT-google.com> |
| Archive-link: |
| Article |
Cgroup id is becoming a new way for userspace how to refer to cgroups it
wants to act upon. As opposed to cgroupfs (paths, opened FDs), the
current approach does not reflect limited view by (non-init) cgroup
namespaces.
This patches don't aim to limit what a user can do (consider an uid=0 in
mere cgroup namespace) but to provide consistent view within a
namespace.
The series is based on bpf-next with the new cgroup_iter. I've only
boot-tested it (especially I didn't run the BPF selftest).
Michal Koutný (4):
cgroup: Honor caller's cgroup NS when resolving path
cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
cgroup: Homogenize cgroup_get_from_id() return value
cgroup/bpf: Honor cgroup NS in cgroup_iter for ancestors
block/blk-cgroup-fc-appid.c | 4 +--
include/linux/cgroup.h | 8 +++---
kernel/bpf/cgroup_iter.c | 9 ++++---
kernel/cgroup/cgroup.c | 53 ++++++++++++++++++++++++++++---------
mm/memcontrol.c | 4 +--
5 files changed, 54 insertions(+), 24 deletions(-)
base-commit: 343949e10798a52c6d6a14effc962e010ed471ae
--
2.37.0
