From 858d72ead4864da0fb0b89b919524125ce998e27 Mon Sep 17 00:00:00 2001 From: "Serge E. Hallyn" Date: Thu, 18 Oct 2007 23:39:45 -0700 Subject: cgroups: implement namespace tracking subsystem When a task enters a new namespace via a clone() or unshare(), a new cgroup is created and the task moves into it. This version names cgroups which are automatically created using cgroup_clone() as "node_" where pid is the pid of the unsharing or cloned process. (Thanks Pavel for the idea) This is safe because if the process unshares again, it will create /cgroups/(...)/node_/node_ The only possibilities (AFAICT) for a -EEXIST on unshare are 1. pid wraparound 2. a process fails an unshare, then tries again. Case 1 is unlikely enough that I ignore it (at least for now). In case 2, the node_ will be empty and can be rmdir'ed to make the subsequent unshare() succeed. Changelog: Name cloned cgroups as "node_". [clg@fr.ibm.com: fix order of cgroup subsystems in init/Kconfig] Signed-off-by: Serge E. Hallyn Cc: Paul Menage Signed-off-by: Cedric Le Goater Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/linux/cgroup_subsys.h | 6 ++++++ include/linux/nsproxy.h | 7 +++++++ 2 files changed, 13 insertions(+) (limited to 'include') diff --git a/include/linux/cgroup_subsys.h b/include/linux/cgroup_subsys.h index cbadc3b5dbc0..651ff0869b2d 100644 --- a/include/linux/cgroup_subsys.h +++ b/include/linux/cgroup_subsys.h @@ -24,3 +24,9 @@ SUBSYS(debug) #endif /* */ + +#ifdef CONFIG_CGROUP_NS +SUBSYS(ns) +#endif + +/* */ diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h index 033a648709b6..f1eca68751a9 100644 --- a/include/linux/nsproxy.h +++ b/include/linux/nsproxy.h @@ -55,4 +55,11 @@ static inline void exit_task_namespaces(struct task_struct *p) put_nsproxy(ns); } } + +#ifdef CONFIG_CGROUP_NS +int ns_cgroup_clone(struct task_struct *tsk); +#else +static inline int ns_cgroup_clone(struct task_struct *tsk) { return 0; } +#endif + #endif -- cgit v1.2.1