On Tue, May 26, 2009 at 05:02:49PM +0900, Ken'ichi Ohmichi wrote:
> 
> Hi,
> 
> This patchset adds a new rule based on process name.
> I have some TODOS, so this patchset is not complete.
> I'd like to talk about them, any comment is welcome.
> 
> TODOS:
> ======
> * The cgroup directory, which is specified by `cgexec` command, is
>   ignored because this patch adds an EXEC event to the event handler.
>   This problem should be fixed.
> 
> * Think about the length of process name.
>   A process name is taken from the /proc/<pid>/status file, and the name
>   is shortened to 15 characters if the real name is over 16
>   characters. That is the Linux kernel's behavior. Should we consider
>   a process name in /etc/cgrules.conf as 15 characters, if it is over
>   16 characters, like the Linux kernel?
> 

Does it matter? If we are going to use the status information, then we
should really care about the first 15 chars since that is what the
kernel will tell us.

But as Kamezawa mentioned, why not use cmdline?

> 
> Requirement:
> ============
> The existing rule based on UID/GID is worthwhile in many cases where an
> administrator prepares an exclusive user for each program (apache,
> postgresql, etc.).
> In some cases, this rule is not enough. For example, some backup
> tool runs as the root user because it needs to access any disk for the
> backup, and it uses a lot of memory. So we'd like to restrict its
> memory usage automatically, but the rule based on UID/GID cannot
> be used.
> So it is worth adding a new rule based on a process name.
> 
> 
> NEW RULE (/etc/cgrules.conf):
> =============================
>  EXISTING) <user>                 <controllers>   <destination>
>  NEW)      <user>:<process name>  <controllers>   <destination>
> 
> The existing rule is used for compatibility, and the new rule
> is as follows:
>   <user>:<process name>  <controllers>   <destination>
> 
> If both a process's user and its process name match a rule when
> an EXEC event happens, the process is moved to cgroup <destination>
> of subsystem <controllers>.
> 
> 
> REFERENCE:
> ==========
> * [RFC] New rule based on process name.
>   
> http://sourceforge.net/mailarchive/forum.php?thread_name=4A126F8C.2010005%40mxs.nes.nec.co.jp&forum_name=libcg-devel
> 

I've reviewed the first 4 patches. The first three can go in
immediately. Will review the last three and let you know my comments.

Thanks Ken'ichi for doing this.
-- 
regards,
Dhaval
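
The name-length question discussed above, as an added example (not code from the patchset or from libcgroup): it parses a rule line in the proposed `<user>:<process name>` format and matches it against the 15-character name from `/proc/<pid>/status`. `struct rule`, `parse_rule`, `comm_from_status` and `rule_matches` are hypothetical names, and the rule and status lines are constructed samples.

```c
#include <stdio.h>
#include <string.h>
#define COMM_MAX 15 /* TASK_COMM_LEN is 16, including the NUL */

struct rule { /* hypothetical holder, not libcgroup's own struct */
    char user[128], procname[128], controllers[64], destination[128];
};

/* Parse "<user>[:<process name>] <controllers> <destination>"; 0 on success. */
int parse_rule(const char *line, struct rule *r)
{
    char key[128];
    memset(r, 0, sizeof(*r));
    if (sscanf(line, "%127s %63s %127s", key, r->controllers, r->destination) != 3)
        return -1;
    char *colon = strchr(key, ':');
    if (colon) { /* new format: split the process name off the user */
        *colon = '\0';
        snprintf(r->procname, sizeof(r->procname), "%s", colon + 1);
    }
    snprintf(r->user, sizeof(r->user), "%s", key);
    return 0;
}

/* Extract the name from a "Name:\t<comm>" line of /proc/<pid>/status. */
int comm_from_status(const char *line, char *out /* COMM_MAX + 1 bytes */)
{
    return sscanf(line, "Name: %15[^\n]", out) == 1 ? 0 : -1;
}

/* Match a rule, comparing only the 15 characters the kernel keeps. */
int rule_matches(const struct rule *r, const char *user, const char *comm)
{
    if (strcmp(r->user, user) != 0)
        return 0;
    if (r->procname[0] == '\0') /* existing user-only rule */
        return 1;
    return strlen(comm) <= COMM_MAX && strncmp(r->procname, comm, COMM_MAX) == 0;
}

int main(void)
{
    struct rule r;
    char comm[COMM_MAX + 1];
    /* Constructed samples: a rule line and the status line for that program. */
    if (parse_rule("root:very-long-backup-tool memory backup", &r) != 0 ||
        comm_from_status("Name:\tvery-long-backu\n", comm) != 0)
        return 1;
    printf("comm=%s match=%d\n", comm, rule_matches(&r, "root", comm));
    return 0;
}
```

The name in `status` and the contents of `cmdline` can both be changed by the process itself, so a name-based rule classifies cooperating programs rather than enforcing a limit on untrusted ones.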
