Hello,

On Thu, Jun 17, 2021 at 10:09:41AM +0100, Lee Jones wrote:

It should be possible for processes with CAP_SYS_NICE capabilities
(privileges) to move lower priority tasks within the same namespace to
different cgroups.

I'm not sure that "should" is justified that easily given that cgroup can
affect things like device access permissions and basic system organization.

One extremely common example of this is Android's 'system_server',
which moves processes around to different cgroups/cpusets, but should
not require any other root privileges.

Why is this being brought up now after all the years? Isn't android moving
onto cgroup2 anyway?

Thanks.

-- 
tejun