[PATCH v2 1/2] cgroups: add documentation on extended attributes usage
From: Aristeu Rozanski <hidden>
Date: 2012-09-11 20:28:24
Also in:
lkml
v2: update cgroups.txt instead of creating a new file

Cc: Li Zefan <redacted>
Cc: Tejun Heo <tj@kernel.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Hillf Danton <redacted>
Cc: Lennart Poettering <redacted>
Signed-off-by: Aristeu Rozanski <redacted>
---
 Documentation/cgroups/cgroups.txt | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

Index: github/Documentation/cgroups/cgroups.txt
===================================================================
--- github.orig/Documentation/cgroups/cgroups.txt 2012-08-16 10:24:48.437596817 -0400
+++ github/Documentation/cgroups/cgroups.txt 2012-09-07 10:23:19.974357952 -0400@@ -29,7 +29,8 @@ 3.1 Overview 3.2 Synchronization 3.3 Subsystem API -4. Questions +4. Extended attributes usage +5. Questions 1. Control Groups =================
@@ -650,7 +651,26 @@ the default hierarchy (which never has sub-cgroups) and a hierarchy that is being created/destroyed (and hence has no sub-cgroups). -4. Questions +4. Extended attribute usage +=========================== + +cgroup filesystem supports certain types of extended attributes in its +directories and files. The current supported types are: + - Trusted (XATTR_TRUSTED) + - Security (XATTR_SECURITY) + +Both require CAP_SYS_ADMIN capability to set. + +Like in tmpfs, the extended attributes in cgroup filesystem are stored +using kernel memory and it's advised to keep the usage at minimum. This +is the reason why user defined extended attributes are not supported, since +any user can do it and there's no limit in the value size. + +The current known users for this feature are SELinux to limit cgroup usage +in containers and systemd for assorted meta data like main PID in a cgroup +(systemd creates a cgroup per service). + +5. Questions ============ Q: what's up with this '/bin/echo' ?
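Review bot: the contents entry added in the first hunk (@@ -29,7 +29,8 @@) reads "4. Extended attributes usage", while the section heading added in the second hunk reads "4. Extended attribute usage". Use one spelling in both places so the contents list matches the heading it points to.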
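Review bot: in the new section 4 (second hunk, @@ -650,7 +651,26 @@), the sentence "since any user can do it and there's no limit in the value size" leaves the actual risk implicit. Say outright that user defined attributes would let any unprivileged user consume kernel memory without bound, which is the reason they are rejected. The paragraph also does not say whether the Trusted and Security attributes have any size bound of their own; since the advice is to keep usage at a minimum, state whether the CAP_SYS_ADMIN requirement is the only control. Wording nits in the same hunk: "The current supported types" should be "The currently supported types", "The current known users" should be "The currently known users", and "meta data" should be "metadata".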