Add flag CFTYPE_VE_WRITABLE to identify cgroup files writable in CT.

File memory.use_hierarchy is safe to set in CT and needed by
systemd, it only makes memory cgroup accounting fully hierarchic.

Files tasks and cgroup.procs are needed to move tasks to top CT
cgroups - that is also safe.

https://jira.sw.ru/browse/PSBM-44981
Signed-off-by: Pavel Tikhomirov <[email protected]>
---
 include/linux/cgroup.h | 1 +
 kernel/cgroup.c        | 5 ++++-
 mm/memcontrol.c        | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
index ed5e6ac..aad06e8 100644
--- a/include/linux/cgroup.h
+++ b/include/linux/cgroup.h
@@ -416,6 +416,7 @@ struct cgroup_map_cb {
 #define CFTYPE_ONLY_ON_ROOT    (1U << 0)       /* only create on root cg */
 #define CFTYPE_NOT_ON_ROOT     (1U << 1)       /* don't create on root cg */
 #define CFTYPE_INSANE          (1U << 2)       /* don't create if sane_behavior */
+#define CFTYPE_VE_WRITABLE     (1U << 15)      /* allow write from CT */
 
 #define MAX_CFTYPE_NAME                64
 
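Review bot: The comment on the new define, `/* allow write from CT */`, is broader than what the flag does in this patch. In the kernel/cgroup.c hunk the flag only lifts the `-EPERM` refusal that applies to the hierarchy root and its direct children when the writer is not the host VE. A comment such as `/* CT may write this file in its top-level cgroup */` would tell the next person adding the flag what they are opting into. A short remark on why bit 15 was picked, presumably to stay clear of the low bits used by mainline flags, would also help.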
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index fa4eeb5..5afeb59 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2413,7 +2413,8 @@ static ssize_t cgroup_file_write(struct file *file, const char __user *buf,
         */
        if (!ve_is_super(get_exec_env())
            && (!cgrp->parent || !cgrp->parent->parent)
-           && !get_exec_env()->is_pseudosuper)
+           && !get_exec_env()->is_pseudosuper
+           && !(cft->flags & CFTYPE_VE_WRITABLE))
                return -EPERM;
 #endif
 
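Review bot: The new `CFTYPE_VE_WRITABLE` exemption also covers the hierarchy root, because the guarded condition `(!cgrp->parent || !cgrp->parent->parent)` matches both the root cgroup and its direct children, while the commit message only asks for writes to the top CT cgroups. If the root is reachable from inside a container (not visible here), a write to `tasks` or `cgroup.procs` there is no longer refused by this check; consider `&& !(cgrp->parent && (cft->flags & CFTYPE_VE_WRITABLE))` so the flag applies only below the root. The flag is set on the core `files[]` entries in the two following kernel/cgroup.c hunks, so the exemption holds in every mounted hierarchy, and the comment that ends just above this check should state that. cgroup_file_write starts and ends outside the hunk.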
@@ -4065,6 +4066,7 @@ static int cgroup_clone_children_write(struct cgroup *cgrp,
 static struct cftype files[] = {
        {
                .name = "tasks",
+               .flags = CFTYPE_VE_WRITABLE,
                .open = cgroup_tasks_open,
                .write_u64 = cgroup_tasks_write,
                .release = cgroup_pidlist_release,
@@ -4072,6 +4074,7 @@ static struct cftype files[] = {
        },
        {
                .name = CGROUP_FILE_GENERIC_PREFIX "procs",
+               .flags = CFTYPE_VE_WRITABLE,
                .open = cgroup_procs_open,
                .write_u64 = cgroup_procs_write,
                .release = cgroup_pidlist_release,
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 6009ff5..9672d54 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -6229,7 +6229,7 @@ static struct cftype mem_cgroup_files[] = {
        },
        {
                .name = "use_hierarchy",
-               .flags = CFTYPE_INSANE,
+               .flags = CFTYPE_INSANE | CFTYPE_VE_WRITABLE,
                .write_u64 = mem_cgroup_hierarchy_write,
                .read_u64 = mem_cgroup_hierarchy_read,
        },
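Review bot: Adding `CFTYPE_VE_WRITABLE` to `use_hierarchy` lets a container write any value the handler accepts, not only the enabling one the commit message argues is safe. `mem_cgroup_hierarchy_write` is outside the hunk, but if it accepts 0 as well as 1, as the mainline handler of this era does, a container could switch hierarchical accounting off on its own top-level memory cgroup. That may leave child cgroups uncharged against the container's limit. Consider refusing a write of 0 in the handler when `!ve_is_super(get_exec_env())`, or add a comment next to `.flags` explaining why clearing is harmless in this tree.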
-- 
1.9.3
