Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-09 Thread Tejun Heo
Hello, John. On Thu, Dec 08, 2016 at 09:39:38PM -0800, John Stultz wrote: > So just to clarify the discussion for my purposes and make sure I > understood, per-cgroup CAP rules was not desired, and instead we > should either utilize an existing cap (are there still objections to >

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-08 Thread John Stultz
On Tue, Dec 6, 2016 at 10:23 AM, Tejun Heo wrote: > Hello, > > On Tue, Dec 06, 2016 at 10:13:53AM -0800, Andy Lutomirski wrote: >> > Delegation is an explicit operation and reflected in the ownership of >> > the subdirectories and cgroup interface files in them. The >> >

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-06 Thread Tejun Heo
Hello, On Tue, Dec 06, 2016 at 10:13:53AM -0800, Andy Lutomirski wrote: > > Delegation is an explicit operation and reflected in the ownership of > > the subdirectories and cgroup interface files in them. The > > subhierarchy containment is achieved by requiring the user who's > > trying to

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-06 Thread Andy Lutomirski
On Tue, Dec 6, 2016 at 10:12 AM, Tejun Heo wrote: > Hello, > > On Tue, Dec 06, 2016 at 09:01:17AM -0800, Andy Lutomirski wrote: >> How would one be granted the right to move processes around in one's >> own subtree? > > Through explicit delegation - chowning of the directory and >

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-06 Thread Tejun Heo
Hello, On Tue, Dec 06, 2016 at 09:01:17AM -0800, Andy Lutomirski wrote: > How would one be granted the right to move processes around in one's > own subtree? Through explicit delegation - chowning of the directory and cgroup.procs file. > Are you imagining that, if you're in /a/b and you want to

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-06 Thread Andy Lutomirski
On Tue, Dec 6, 2016 at 8:55 AM, Tejun Heo wrote: > Hello, > > On Mon, Dec 05, 2016 at 04:36:51PM -0800, Andy Lutomirski wrote: >> I really don't know. The cgroupfs interface is a bit unfortunate in >> that it doesn't really express the constraints. To safely migrate a >> task,

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-06 Thread Tejun Heo
Hello, Serge. On Mon, Dec 05, 2016 at 08:00:11PM -0600, Serge E. Hallyn wrote: > > I really don't know. The cgroupfs interface is a bit unfortunate in > > that it doesn't really express the constraints. To safely migrate a > > task, ISTM you ought to have some form of privilege over the task >

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-06 Thread Tejun Heo
Hello, On Mon, Dec 05, 2016 at 04:36:51PM -0800, Andy Lutomirski wrote: > I really don't know. The cgroupfs interface is a bit unfortunate in > that it doesn't really express the constraints. To safely migrate a > task, ISTM you ought to have some form of privilege over the task > *and* some

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-05 Thread Serge E. Hallyn
On Mon, Dec 05, 2016 at 04:36:51PM -0800, Andy Lutomirski wrote: > On Mon, Dec 5, 2016 at 4:28 PM, John Stultz wrote: > > On Tue, Nov 22, 2016 at 4:57 PM, John Stultz wrote: > >> On Tue, Nov 8, 2016 at 4:12 PM, Andy Lutomirski

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-05 Thread Andy Lutomirski
On Mon, Dec 5, 2016 at 4:28 PM, John Stultz wrote: > On Tue, Nov 22, 2016 at 4:57 PM, John Stultz wrote: >> On Tue, Nov 8, 2016 at 4:12 PM, Andy Lutomirski wrote: >>> On Tue, Nov 8, 2016 at 4:03 PM, Alexei Starovoitov >>>

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-12-05 Thread John Stultz
On Tue, Nov 22, 2016 at 4:57 PM, John Stultz wrote: > On Tue, Nov 8, 2016 at 4:12 PM, Andy Lutomirski wrote: >> On Tue, Nov 8, 2016 at 4:03 PM, Alexei Starovoitov >> wrote: >>> On Tue, Nov 08, 2016 at 03:51:40PM -0800,

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-11-22 Thread John Stultz
On Tue, Nov 8, 2016 at 4:12 PM, Andy Lutomirski wrote: > On Tue, Nov 8, 2016 at 4:03 PM, Alexei Starovoitov > wrote: >> On Tue, Nov 08, 2016 at 03:51:40PM -0800, Andy Lutomirski wrote: >>> >>> I hate to say it, but I think I may see a problem.

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-11-08 Thread Andy Lutomirski
On Tue, Nov 8, 2016 at 4:03 PM, Alexei Starovoitov wrote: > On Tue, Nov 08, 2016 at 03:51:40PM -0800, Andy Lutomirski wrote: >> On Tue, Nov 8, 2016 at 3:28 PM, John Stultz wrote: >> > This patch adds logic to allow a process to migrate other

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-11-08 Thread Alexei Starovoitov
On Tue, Nov 08, 2016 at 03:51:40PM -0800, Andy Lutomirski wrote: > On Tue, Nov 8, 2016 at 3:28 PM, John Stultz wrote: > > This patch adds logic to allow a process to migrate other tasks > > between cgroups if they have CAP_SYS_RESOURCE. > > > > In Android (where this

Re: [RESEND][PATCH v4] cgroup: Use CAP_SYS_RESOURCE to allow a process to migrate other tasks between cgroups

2016-11-08 Thread Andy Lutomirski
On Tue, Nov 8, 2016 at 3:28 PM, John Stultz wrote: > This patch adds logic to allow a process to migrate other tasks > between cgroups if they have CAP_SYS_RESOURCE. > > In Android (where this feature originated), the ActivityManager tracks > various application states