On Tue, 26 May 2009 17:02:49 +0900 "Ken'ichi Ohmichi" <[email protected]> wrote:
> > Hi, > > This patchset adds a new rule based on process name. > I have some TODOS, so this patchset is not complete. > I'd like to talk about them, any comment is welcome. > > TODOS: > ====== > * The cgroup directory, which is specified by `cgexec` command, is > ignored because this patch adds an EXEC event to the event handler. > This problem should be fixed. > > * Think about the length of process name. > A process name is taken from /proc/<pid>/status file, and the name > is shortened to 15 characters if the real name is over than 16 > characters. That is a linux kernel's behavior. Should we consider > a process name in /etc/cgrules.conf as 15 characters, if it is over > than 16 characters like a linux kernel ? > I'm sorry that I don't read the whole patch precisely. Why based on "process name", why not "exec file" ? Do you have special reason ? Thanks, -Kame > > Requirement: > ============ > The existing rule based on UID/GID is worth in many cases, that an > administrator prepares an exclusive user for each program (apache, > postgresql, etc.). > In some cases, this rule is not enough. For example, some backup > tool runs as root user because it needs to access any disk for the > backup, and it uses a lot of memory. So we'd like to restrict its > memory usage automatically, but the rule based on UID/GID can not > be used. > So it is worth to add a new rule based on a process name. > > > NEW RULE (/etc/cgrules.conf): > ============================= > EXISTING) <user> <controllers> <destination> > NEW) <user>:<process name> <controllers> <destination> > > The existing rule is used for the compatibility, and a new rule > is as the following: > <user>:<process name> <controllers> <destination> > > If matching both process's user and process name with a rule when > an EXEC event happens, the process is moved to cgroup <destination> > of subsystem <controllers>. > > > REFERENCE: > ========== > * [RFC] New rule based on process name. > > http://sourceforge.net/mailarchive/forum.php?thread_name=4A126F8C.2010005%40mxs.nes.nec.co.jp&forum_name=libcg-devel > > > Thanks > Ken'ichi Ohmichi > > ------------------------------------------------------------------------------ > Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT > is a gathering of tech-side developers & brand creativity professionals. Meet > the minds behind Google Creative Lab, Visual Complexity, Processing, & > iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian > Group, R/GA, & Big Spaceship. http://www.creativitycat.com > _______________________________________________ > Libcg-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/libcg-devel > ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com _______________________________________________ Libcg-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libcg-devel
