Hi, This patchset is a new version of "a new rule based on process name".
This patchset is based on: * commit "8279047b888cdc269c044d9ec5389def63620c9f" That is the latest git code now. * [PATCH 0/2] [RFC] Delete spam log messagess of "cgred" service. http://sourceforge.net/mailarchive/forum.php?thread_name=4A10EE12.6040607%40mxs.nes.nec.co.jp&forum_name=libcg-devel * [PATCH-v2 0/4] Cleanup patchset (separated from "Add a new rule based on process name.") Changelog of v2: ================ * The cgrulesengd daemon does not change the cgroup of a process which is executed by 'cgexec' command, because it is possible to notify the unchanged process to the daemon by using "unix domain socket". That is the first TODO of v1, and that is related to [PATCH 6/8], [PATCH 7/8] and [PATCH 8/8]. * It is possible to handle a process, which name length is over than 16 characters, also. That is the second TODO of v1, and that is related to [PATCH 1/8]. * A user can specify the full path of command instead of a process name also. So a new rule "NEW2" is added: NEW RULE (/etc/cgrules.conf): ============================= EXISTING) <user> <controllers> <destination> NEW1) <user>:<process name> <controllers> <destination> NEW2) <user>:<full path of command> <controllers> <destination> Example of NEW2: root:/bin/cp cpuset group01 Requirement: ============ The existing rule based on UID/GID is worth in many cases, that an administrator prepares an exclusive user for each program (apache, postgresql, etc.). In some cases, this rule is not enough. For example, some backup tool runs as root user because it needs to access any disk for the backup, and it uses a lot of memory. So we'd like to restrict its memory usage automatically, but the rule based on UID/GID can not be used. So it is worth to add a new rule based on a process name. NEW RULE (/etc/cgrules.conf): ============================= EXISTING) <user> <controllers> <destination> NEW1) <user>:<process name> <controllers> <destination> NEW2) <user>:<full path of command> <controllers> <destination> The existing rule is used for the compatibility, and a new rule is as the following: <user>:<process name> <controllers> <destination> If matching both process's user and process name with a rule when an EXEC event happens, the process is moved to cgroup <destination> of subsystem <controllers>. REFERENCE: ========== * [RFC] New rule based on process name. http://sourceforge.net/mailarchive/forum.php?thread_name=4A126F8C.2010005%40mxs.nes.nec.co.jp&forum_name=libcg-devel * [RFC] [PATCH 0/7] Add a new rule based on process name. http://sourceforge.net/mailarchive/message.php?msg_name=4A1BA229.8000603%40mxs.nes.nec.co.jp Thanks Ken'ichi Ohmichi ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get _______________________________________________ Libcg-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libcg-devel
