From 28f612ea3d941541becfa1f14c853d86388263b8 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 8 Jan 2018 20:43:44 +0100 Subject: [PATCH] cgroups.7: Note Linux 4.11 changes to cgroup v2 delegation containment rules See kernel commit 576dd464505fc53d501bb94569db76f220104d28 Reported-by: Tejun Heo Signed-off-by: Michael Kerrisk --- man7/cgroups.7 | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/man7/cgroups.7 b/man7/cgroups.7 index 0e9c0a69e..b5a527cc2 100644 --- a/man7/cgroups.7 +++ b/man7/cgroups.7 @@ -926,9 +926,6 @@ a "target" process into a .IR cgroup.procs file only if all of the following are true: .IP * 3 -The effective UID of the writer (i.e., the delegatee) matches the -real user ID or the saved set-user-ID of the target process. -.IP * The writer has write permission on the .I cgroup.procs file in the destination cgroup. @@ -938,6 +935,14 @@ The writer has write permission on the file in the common ancestor of the source and destination cgroups. (In some cases, the common ancestor may be the source or destination cgroup itself.) +.IP * +Before Linux 4.11: +.\" commit 576dd464505fc53d501bb94569db76f220104d28 +the effective UID of the writer (i.e., the delegatee) matches the +real user ID or the saved set-user-ID of the target process. +(This was a historical requirement inherited from cgroups v1 +that was later deemed unnecessary, +since the other rules suffice for containment in cgroups v2.) .PP .IR Note : one consequence of these delegation containment rules is that the
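Review bot: In the second hunk (@@ -938,6 +935,14 @@), the new "Before Linux 4.11:" item is appended to a list introduced by "only if all of the following are true", so a reader on Linux 4.11 or later can still take the UID match as a current requirement. Consider moving it out of the bullet list into its own paragraph after the list, or wording it as "In Linux 4.10 and earlier, the effective UID of the writer ... must also match ...". It would also help to state explicitly that since Linux 4.11 containment rests only on the two write-permission checks on cgroup.procs (destination cgroup and common ancestor), since that is what a delegater has to get right when setting file ownership. The .\" commit comment currently splits the sentence right after the colon; placing it before "Before Linux 4.11:" keeps the source easier to read.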