cgroups.7: Note Linux 4.11 changes to cgroup v2 delegation containment rules

See kernel commit 576dd464505fc53d501bb94569db76f220104d28

Reported-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2018-01-08 20:43:44 +01:00
parent 896305ece8
commit 28f612ea3d
1 changed files with 8 additions and 3 deletions

@ -926,9 +926,6 @@ a "target" process into a
.IR cgroup.procs
file only if all of the following are true:
.IP * 3
The effective UID of the writer (i.e., the delegatee) matches the
real user ID or the saved set-user-ID of the target process.
.IP *
The writer has write permission on the
.I cgroup.procs
file in the destination cgroup.
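Review bot: the `.IP * 3` request at the head of this list is the only one that carries the indent argument; the later items use a bare `.IP *`. With the effective-UID item leaving the first position (the hunk header goes from 9 lines to 6), please confirm that `.IP * 3` stays attached to the item that is now first, "The writer has write permission on the cgroup.procs file in the destination cgroup", so that the rendered indentation of the list does not change.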
@ -938,6 +935,14 @@ The writer has write permission on the
file in the common ancestor of the source and destination cgroups.
(In some cases,
the common ancestor may be the source or destination cgroup itself.)
.IP *
Before Linux 4.11:
.\" commit 576dd464505fc53d501bb94569db76f220104d28
the effective UID of the writer (i.e., the delegatee) matches the
real user ID or the saved set-user-ID of the target process.
(This was a historical requirement inherited from cgroups v1
that was later deemed unnecessary,
since the other rules suffice for containment in cgroups v2.)
.PP
.IR Note :
one consequence of these delegation containment rules is that the
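Review bot: the item that opens "Before Linux 4.11:" is added as one more bullet under "only if all of the following are true", so a reader on 4.11 or later has to work out that this one condition no longer applies while the others still do. Consider moving it out of the list into its own paragraph after the last unconditional item, or making the scope part of the sentence rather than a prefix followed by a lowercase "the effective UID". The parenthetical says "the other rules suffice for containment"; naming them there (the write-permission checks on cgroup.procs in the destination cgroup and in the common ancestor) would let a reader see why the UID check could be dropped without rereading the list.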