mirror of https://github.com/mkerrisk/man-pages
cgroups.7: Note Linux 4.11 changes to cgroup v2 delegation containment rules
See kernel commit 576dd464505fc53d501bb94569db76f220104d28

Reported-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
896305ece8
commit
28f612ea3d
|
@ -926,9 +926,6 @@ a "target" process into a
|
|||
.IR cgroup.procs
|
||||
file only if all of the following are true:
|
||||
.IP * 3
|
||||
The effective UID of the writer (i.e., the delegatee) matches the
|
||||
real user ID or the saved set-user-ID of the target process.
|
||||
.IP *
|
||||
The writer has write permission on the
|
||||
.I cgroup.procs
|
||||
file in the destination cgroup.
|
||||
|
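Review bot: Check the list indent now that the UID item is leaving the top of this list. `.IP * 3` is the only entry in the hunk that sets the indent, and the write-permission entry after it uses a bare `.IP *`. If the write-permission item ends up as the first bullet, it should carry `.IP * 3` so the list keeps the indentation it had before.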
@ -938,6 +935,14 @@ The writer has write permission on the
|
|||
file in the common ancestor of the source and destination cgroups.
|
||||
(In some cases,
|
||||
the common ancestor may be the source or destination cgroup itself.)
|
||||
.IP *
|
||||
Before Linux 4.11:
|
||||
.\" commit 576dd464505fc53d501bb94569db76f220104d28
|
||||
the effective UID of the writer (i.e., the delegatee) matches the
|
||||
real user ID or the saved set-user-ID of the target process.
|
||||
(This was a historical requirement inherited from cgroups v1
|
||||
that was later deemed unnecessary,
|
||||
since the other rules suffice for containment in cgroups v2.)
|
||||
.PP
|
||||
.IR Note :
|
||||
one consequence of these delegation containment rules is that the
|
||||
|
|
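Review bot: The "Before Linux 4.11:" item is placed in a list introduced by "only if all of the following are true", so a reader on a current kernel can take the UID match as still required. Consider making the item self-contained, for example "On Linux 4.10 and earlier, the effective UID of the writer ...". The parenthetical could also say outright that from 4.11 on, containment rests on the write-permission checks on `cgroup.procs` in the destination cgroup and in the common ancestor, since those are what someone setting up delegation now has to get right.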