Re: [PATCH 5/5] cgroup: introduce cgroup namespaces

(off-list ancestor, not in this archive)
[PATCH 0/5] RFC: CGroup Namespaces · Aditya Kali <hidden> · 2014-07-17
[PATCH 2/5] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace · Aditya Kali <hidden> · 2014-07-17
Re: [PATCH 2/5] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace · Serge Hallyn <hidden> · 2014-07-24
Re: [PATCH 2/5] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace · Aditya Kali <hidden> · 2014-07-31
Re: [PATCH 2/5] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace · Serge Hallyn <hidden> · 2014-08-04
[PATCH 1/5] kernfs: Add API to get generate relative kernfs path · Aditya Kali <hidden> · 2014-07-17
Re: [PATCH 1/5] kernfs: Add API to get generate relative kernfs path · Serge Hallyn <hidden> · 2014-07-24
[PATCH 3/5] cgroup: add function to get task's cgroup on default hierarchy · Aditya Kali <hidden> · 2014-07-17
Re: [PATCH 3/5] cgroup: add function to get task's cgroup on default hierarchy · Serge Hallyn <hidden> · 2014-07-24
[PATCH 4/5] cgroup: export cgroup_get() and cgroup_put() · Aditya Kali <hidden> · 2014-07-17
Re: [PATCH 4/5] cgroup: export cgroup_get() and cgroup_put() · Serge Hallyn <hidden> · 2014-07-24
[PATCH 5/5] cgroup: introduce cgroup namespaces · Aditya Kali <hidden> · 2014-07-17
Re: [PATCH 5/5] cgroup: introduce cgroup namespaces · Andy Lutomirski <luto@amacapital.net> · 2014-07-17
Re: [PATCH 5/5] cgroup: introduce cgroup namespaces · Aditya Kali <hidden> · 2014-07-17
Re: [PATCH 5/5] cgroup: introduce cgroup namespaces · Andy Lutomirski <luto@amacapital.net> · 2014-07-18
Re: [PATCH 5/5] cgroup: introduce cgroup namespaces · Aditya Kali <hidden> · 2014-07-18
Re: [PATCH 5/5] cgroup: introduce cgroup namespaces · Andy Lutomirski <luto@amacapital.net> · 2014-07-18
Re: [PATCH 5/5] cgroup: introduce cgroup namespaces · Aditya Kali <hidden> · 2014-07-21
Re: [PATCH 5/5] cgroup: introduce cgroup namespaces · Andy Lutomirski <luto@amacapital.net> · 2014-07-21
Re: [PATCH 5/5] cgroup: introduce cgroup namespaces · Aditya Kali <hidden> · 2014-07-23
Re: [PATCH 0/5] RFC: CGroup Namespaces · Serge Hallyn <hidden> · 2014-07-18
Re: [PATCH 0/5] RFC: CGroup Namespaces · Serge Hallyn <hidden> · 2014-07-24
Re: [PATCH 0/5] RFC: CGroup Namespaces · Serge Hallyn <hidden> · 2014-07-24
Re: [PATCH 0/5] RFC: CGroup Namespaces · Aditya Kali <hidden> · 2014-07-25
Re: [PATCH 0/5] RFC: CGroup Namespaces · Andy Lutomirski <luto@amacapital.net> · 2014-07-25
Re: [PATCH 0/5] RFC: CGroup Namespaces · "Serge E. Hallyn" <serge@hallyn.com> · 2014-07-29
Re: [PATCH 0/5] RFC: CGroup Namespaces · Andy Lutomirski <luto@amacapital.net> · 2014-07-29
Re: [PATCH 0/5] RFC: CGroup Namespaces · "Serge E. Hallyn" <serge@hallyn.com> · 2014-07-29

From: Andy Lutomirski <hidden>
Date: 2014-07-17 19:57:27
Also in: cgroups, lkml

On Thu, Jul 17, 2014 at 12:52 PM, Aditya Kali [off-list ref] wrote:

Introduce the ability to create new cgroup namespace. The newly created
cgroup namespace remembers the 'struct cgroup *root_cgrp' at the point
of creation of the cgroup namespace. The task that creates the new
cgroup namespace and all its future children will now be restricted only
to the cgroup hierarchy under this root_cgrp. In the first version,
setns() is not supported for cgroup namespaces.
The main purpose of cgroup namespace is to virtualize the contents
of /proc/self/cgroup file. Processes inside a cgroup namespace
are only able to see paths relative to their namespace root.
This allows container-tools (like libcontainer, lxc, lmctfy, etc.)
to create completely virtualized containers without leaking system
level cgroup hierarchy to the task.

What happens if someone moves a task in a cgroup namespace outside of
the namespace root cgroup?

--Andy

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help