Hi, This patchset adds a new rule based on process name. I have some TODOS, so this patchset is not complete. I'd like to talk about them, any comment is welcome.
TODOS: ====== * The cgroup directory, which is specified by `cgexec` command, is ignored because this patch adds an EXEC event to the event handler. This problem should be fixed. * Think about the length of process name. A process name is taken from /proc/<pid>/status file, and the name is shortened to 15 characters if the real name is over than 16 characters. That is a linux kernel's behavior. Should we consider a process name in /etc/cgrules.conf as 15 characters, if it is over than 16 characters like a linux kernel ? Requirement: ============ The existing rule based on UID/GID is worth in many cases, that an administrator prepares an exclusive user for each program (apache, postgresql, etc.). In some cases, this rule is not enough. For example, some backup tool runs as root user because it needs to access any disk for the backup, and it uses a lot of memory. So we'd like to restrict its memory usage automatically, but the rule based on UID/GID can not be used. So it is worth to add a new rule based on a process name. NEW RULE (/etc/cgrules.conf): ============================= EXISTING) <user> <controllers> <destination> NEW) <user>:<process name> <controllers> <destination> The existing rule is used for the compatibility, and a new rule is as the following: <user>:<process name> <controllers> <destination> If matching both process's user and process name with a rule when an EXEC event happens, the process is moved to cgroup <destination> of subsystem <controllers>. REFERENCE: ========== * [RFC] New rule based on process name. http://sourceforge.net/mailarchive/forum.php?thread_name=4A126F8C.2010005%40mxs.nes.nec.co.jp&forum_name=libcg-devel Thanks Ken'ichi Ohmichi ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com _______________________________________________ Libcg-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libcg-devel
