Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hello, On Sat, Dec 17, 2016 at 10:06:51PM +0100, Mickaël Salaün wrote: > If I understand correctly, this patch is intended to add a delegation > feature to cgroup v1, which does not really make sense for the v2 It's more about upstreaming a workaround for android somewhat like including binder

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hello, On Sat, Dec 17, 2016 at 10:06:51PM +0100, Mickaël Salaün wrote: > If I understand correctly, this patch is intended to add a delegation > feature to cgroup v1, which does not really make sense for the v2 It's more about upstreaming a workaround for android somewhat like including binder

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hi, If I understand correctly, this patch is intended to add a delegation feature to cgroup v1, which does not really make sense for the v2 because of the clean cgroup-v2 delegation design. However, this new capability impact both versions. As Michael said, capabilities are a limited numbers of

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hi, If I understand correctly, this patch is intended to add a delegation feature to cgroup v1, which does not really make sense for the v2 because of the clean cgroup-v2 delegation design. However, this new capability impact both versions. As Michael said, capabilities are a limited numbers of

[PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

This patch adds CAP_GROUP and logic to allows a process to migrate other tasks between cgroups. In Android (where this feature originated), the ActivityManager tracks various application states (TOP_APP, FOREGROUND, BACKGROUND, SYSTEM, etc), and then as applications change states, the SchedPolicy

[PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

This patch adds CAP_GROUP and logic to allows a process to migrate other tasks between cgroups. In Android (where this feature originated), the ActivityManager tracks various application states (TOP_APP, FOREGROUND, BACKGROUND, SYSTEM, etc), and then as applications change states, the SchedPolicy

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Wed, Oct 19, 2016 at 1:52 PM, Tejun Heo wrote: > Hello, > > On Tue, Oct 18, 2016 at 09:54:37AM -0700, John Stultz wrote: >> > Also, CAP_SYS_RESOURCE deserves consideration (34 uses in capable() >> > checks). I'd say, since cgroups are about resources, so there's >> > something

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Wed, Oct 19, 2016 at 1:52 PM, Tejun Heo wrote: > Hello, > > On Tue, Oct 18, 2016 at 09:54:37AM -0700, John Stultz wrote: >> > Also, CAP_SYS_RESOURCE deserves consideration (34 uses in capable() >> > checks). I'd say, since cgroups are about resources, so there's >> > something of a match

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hello, On Tue, Oct 18, 2016 at 09:54:37AM -0700, John Stultz wrote: > > Also, CAP_SYS_RESOURCE deserves consideration (34 uses in capable() > > checks). I'd say, since cgroups are about resources, so there's > > something of a match there., so it's also worth considering. > > I'll try to look

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hello, On Tue, Oct 18, 2016 at 09:54:37AM -0700, John Stultz wrote: > > Also, CAP_SYS_RESOURCE deserves consideration (34 uses in capable() > > checks). I'd say, since cgroups are about resources, so there's > > something of a match there., so it's also worth considering. > > I'll try to look

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hello, Andy. On Mon, Oct 17, 2016 at 03:40:37PM -0700, Andy Lutomirski wrote: > > @@ -2856,7 +2856,8 @@ static int cgroup_procs_write_permission(struct > > task_struct *task, > > */ > > if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) && > > !uid_eq(cred->euid, tcred->uid)

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hello, Andy. On Mon, Oct 17, 2016 at 03:40:37PM -0700, Andy Lutomirski wrote: > > @@ -2856,7 +2856,8 @@ static int cgroup_procs_write_permission(struct > > task_struct *task, > > */ > > if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) && > > !uid_eq(cred->euid, tcred->uid)

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hi John, On 10/18/2016 06:54 PM, John Stultz wrote: > On Tue, Oct 18, 2016 at 1:17 AM, Michael Kerrisk (man-pages) > wrote: >> Hi John, >> >> On 18 October 2016 at 01:35, John Stultz wrote: >>> On Mon, Oct 17, 2016 at 3:40 PM, Andy Lutomirski

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hi John, On 10/18/2016 06:54 PM, John Stultz wrote: > On Tue, Oct 18, 2016 at 1:17 AM, Michael Kerrisk (man-pages) > wrote: >> Hi John, >> >> On 18 October 2016 at 01:35, John Stultz wrote: >>> On Mon, Oct 17, 2016 at 3:40 PM, Andy Lutomirski >>> wrote: On Mon, Oct 17, 2016 at 3:35 PM,

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Tue, Oct 18, 2016 at 1:17 AM, Michael Kerrisk (man-pages) wrote: > Hi John, > > On 18 October 2016 at 01:35, John Stultz wrote: >> On Mon, Oct 17, 2016 at 3:40 PM, Andy Lutomirski wrote: >>> On Mon, Oct 17, 2016 at 3:35 PM,

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Tue, Oct 18, 2016 at 1:17 AM, Michael Kerrisk (man-pages) wrote: > Hi John, > > On 18 October 2016 at 01:35, John Stultz wrote: >> On Mon, Oct 17, 2016 at 3:40 PM, Andy Lutomirski wrote: >>> On Mon, Oct 17, 2016 at 3:35 PM, John Stultz wrote: This patch adds CAP_GROUP_MIGRATE and logic

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hi John, On 18 October 2016 at 01:35, John Stultz wrote: > On Mon, Oct 17, 2016 at 3:40 PM, Andy Lutomirski wrote: >> On Mon, Oct 17, 2016 at 3:35 PM, John Stultz wrote: >>> This patch adds CAP_GROUP_MIGRATE and logic to

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hi John, On 18 October 2016 at 01:35, John Stultz wrote: > On Mon, Oct 17, 2016 at 3:40 PM, Andy Lutomirski wrote: >> On Mon, Oct 17, 2016 at 3:35 PM, John Stultz wrote: >>> This patch adds CAP_GROUP_MIGRATE and logic to allows a process >>> to migrate other tasks between cgroups. >>> >>> In

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Mon, Oct 17, 2016 at 3:40 PM, Andy Lutomirski wrote: > On Mon, Oct 17, 2016 at 3:35 PM, John Stultz wrote: >> This patch adds CAP_GROUP_MIGRATE and logic to allows a process >> to migrate other tasks between cgroups. >> >> In Android (where this

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Mon, Oct 17, 2016 at 3:40 PM, Andy Lutomirski wrote: > On Mon, Oct 17, 2016 at 3:35 PM, John Stultz wrote: >> This patch adds CAP_GROUP_MIGRATE and logic to allows a process >> to migrate other tasks between cgroups. >> >> In Android (where this feature originated), the ActivityManager tracks

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Mon, Oct 17, 2016 at 3:35 PM, John Stultz wrote: > This patch adds CAP_GROUP_MIGRATE and logic to allows a process > to migrate other tasks between cgroups. > > In Android (where this feature originated), the ActivityManager tracks > various application states (TOP_APP,

Re: [PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Mon, Oct 17, 2016 at 3:35 PM, John Stultz wrote: > This patch adds CAP_GROUP_MIGRATE and logic to allows a process > to migrate other tasks between cgroups. > > In Android (where this feature originated), the ActivityManager tracks > various application states (TOP_APP, FOREGROUND, BACKGROUND,

[PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

This patch adds CAP_GROUP_MIGRATE and logic to allows a process to migrate other tasks between cgroups. In Android (where this feature originated), the ActivityManager tracks various application states (TOP_APP, FOREGROUND, BACKGROUND, SYSTEM, etc), and then as applications change states, the

[PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

This patch adds CAP_GROUP_MIGRATE and logic to allows a process to migrate other tasks between cgroups. In Android (where this feature originated), the ActivityManager tracks various application states (TOP_APP, FOREGROUND, BACKGROUND, SYSTEM, etc), and then as applications change states, the

Re: [RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hello, On Tue, Oct 04, 2016 at 11:25:29PM -0500, Serge E. Hallyn wrote: > > > If anything I'd say the GLOBAL_ROOT_UID check could be taken out since > > > otherwise a host-root task effectively cannot drop this capability. > > > > Is this ok to leave for a separate patch? > > Yeah. And I'm not

Re: [RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Hello, On Tue, Oct 04, 2016 at 11:25:29PM -0500, Serge E. Hallyn wrote: > > > If anything I'd say the GLOBAL_ROOT_UID check could be taken out since > > > otherwise a host-root task effectively cannot drop this capability. > > > > Is this ok to leave for a separate patch? > > Yeah. And I'm not

Re: [RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Tue, Oct 04, 2016 at 08:00:18PM -0700, John Stultz wrote: > On Tue, Oct 4, 2016 at 5:38 PM, Serge E. Hallyn wrote: > > Quoting John Stultz (john.stu...@linaro.org): > >> So this patch, as suggested by Tejun, simply adds a new process > >> capability flag

Re: [RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Tue, Oct 04, 2016 at 08:00:18PM -0700, John Stultz wrote: > On Tue, Oct 4, 2016 at 5:38 PM, Serge E. Hallyn wrote: > > Quoting John Stultz (john.stu...@linaro.org): > >> So this patch, as suggested by Tejun, simply adds a new process > >> capability flag (CAP_CGROUP_MIGRATE_TASK), and uses it

Re: [RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Tue, Oct 4, 2016 at 5:38 PM, Serge E. Hallyn wrote: > Quoting John Stultz (john.stu...@linaro.org): >> So this patch, as suggested by Tejun, simply adds a new process >> capability flag (CAP_CGROUP_MIGRATE_TASK), and uses it when checking > > So realistically, what all can

Re: [RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

On Tue, Oct 4, 2016 at 5:38 PM, Serge E. Hallyn wrote: > Quoting John Stultz (john.stu...@linaro.org): >> So this patch, as suggested by Tejun, simply adds a new process >> capability flag (CAP_CGROUP_MIGRATE_TASK), and uses it when checking > > So realistically, what all can this mean?

Re: [RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Quoting John Stultz (john.stu...@linaro.org): > This patch adds CAP_GROUP_MIGRATE_TASK and logic to allows a process > to migrate other tasks between cgroups. > > In Android (where this feature originated), the ActivityManager tracks > various application states (TOP_APP, FOREGROUND, BACKGROUND,

Re: [RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

Quoting John Stultz (john.stu...@linaro.org): > This patch adds CAP_GROUP_MIGRATE_TASK and logic to allows a process > to migrate other tasks between cgroups. > > In Android (where this feature originated), the ActivityManager tracks > various application states (TOP_APP, FOREGROUND, BACKGROUND,

[RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

This patch adds CAP_GROUP_MIGRATE_TASK and logic to allows a process to migrate other tasks between cgroups. In Android (where this feature originated), the ActivityManager tracks various application states (TOP_APP, FOREGROUND, BACKGROUND, SYSTEM, etc), and then as applications change states,

[RFC][PATCH] cgroup: Add new capability to allow a process to migrate other tasks between cgroups

This patch adds CAP_GROUP_MIGRATE_TASK and logic to allows a process to migrate other tasks between cgroups. In Android (where this feature originated), the ActivityManager tracks various application states (TOP_APP, FOREGROUND, BACKGROUND, SYSTEM, etc), and then as applications change states,