mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-15 23:25:07 +00:00
cgroup: add documentation on extended attributes usage
v2: update cgroups.txt instead of creating a new file

Cc: Tejun Heo <tj@kernel.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Hillf Danton <dhillf@gmail.com>
Cc: Lennart Poettering <lpoetter@redhat.com>
Acked-by: Li Zefan <lizefan@huawei.com>
Signed-off-by: Aristeu Rozanski <aris@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
parent a1a71b45a6
commit 19ec2567e0
1 changed files with 22 additions and 2 deletions
|
@ -29,7 +29,8 @@ CONTENTS:
|
||||||
3.1 Overview
|
3.1 Overview
|
||||||
3.2 Synchronization
|
3.2 Synchronization
|
||||||
3.3 Subsystem API
|
3.3 Subsystem API
|
||||||
4. Questions
|
4. Extended attributes usage
|
||||||
|
5. Questions
|
||||||
|
|
||||||
1. Control Groups
|
1. Control Groups
|
||||||
=================
|
=================
|
||||||
|
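Review bot: The new contents entry "4. Extended attributes usage" does not match the section heading this patch adds further down, which reads "4. Extended attribute usage" (singular). Use the same wording in both places so the table of contents and the heading agree.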
@ -650,7 +651,26 @@ and root cgroup. Currently this will only involve movement between
|
||||||
the default hierarchy (which never has sub-cgroups) and a hierarchy
|
the default hierarchy (which never has sub-cgroups) and a hierarchy
|
||||||
that is being created/destroyed (and hence has no sub-cgroups).
|
that is being created/destroyed (and hence has no sub-cgroups).
|
||||||
|
|
||||||
4. Questions
|
4. Extended attribute usage
|
||||||
|
===========================
|
||||||
|
|
||||||
|
cgroup filesystem supports certain types of extended attributes in its
|
||||||
|
directories and files. The current supported types are:
|
||||||
|
- Trusted (XATTR_TRUSTED)
|
||||||
|
- Security (XATTR_SECURITY)
|
||||||
|
|
||||||
|
Both require CAP_SYS_ADMIN capability to set.
|
||||||
|
|
||||||
|
Like in tmpfs, the extended attributes in cgroup filesystem are stored
|
||||||
|
using kernel memory and it's advised to keep the usage at minimum. This
|
||||||
|
is the reason why user defined extended attributes are not supported, since
|
||||||
|
any user can do it and there's no limit in the value size.
|
||||||
|
|
||||||
|
The current known users for this feature are SELinux to limit cgroup usage
|
||||||
|
in containers and systemd for assorted meta data like main PID in a cgroup
|
||||||
|
(systemd creates a cgroup per service).
|
||||||
|
|
||||||
|
5. Questions
|
||||||
============
|
============
|
||||||
|
|
||||||
Q: what's up with this '/bin/echo' ?
|
Q: what's up with this '/bin/echo' ?
|
||||||
|
|
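Review bot: In the new section 4, the sentence ending "since any user can do it and there's no limit in the value size" leaves "it" without a clear referent; say directly that any user could set user-defined attributes and so consume kernel memory without bound. The text also advises keeping usage to a minimum but does not say whether trusted and security attribute values are size-limited, which is worth a sentence since they are stored in the same kernel memory. Minor wording: "The current supported types" reads better as "The currently supported types", and "meta data" as "metadata".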