• Serge E. Hallyn's avatar
    cgroups: implement namespace tracking subsystem · 858d72ea
    Serge E. Hallyn authored
    When a task enters a new namespace via a clone() or unshare(), a new cgroup
    is created and the task moves into it.
    
    This version names cgroups which are automatically created using
    cgroup_clone() as "node_<pid>" where pid is the pid of the unsharing or
    cloned process.  (Thanks Pavel for the idea) This is safe because if the
    process unshares again, it will create
    
    	/cgroups/(...)/node_<pid>/node_<pid>
    
    The only possibilities (AFAICT) for a -EEXIST on unshare are
    
    	1. pid wraparound
    	2. a process fails an unshare, then tries again.
    
    Case 1 is unlikely enough that I ignore it (at least for now).  In case 2, the
    node_<pid> will be empty and can be rmdir'ed to make the subsequent unshare()
    succeed.
    
    Changelog:
    	Name cloned cgroups as "node_<pid>".
    
    [clg@fr.ibm.com: fix order of cgroup subsystems in init/Kconfig]
    Signed-off-by: default avatarSerge E. Hallyn <serue@us.ibm.com>
    Cc: Paul Menage <menage@google.com>
    Signed-off-by: default avatarCedric Le Goater <clg@fr.ibm.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    858d72ea
nsproxy.c 4.77 KB