diff options
| author | Serge E. Hallyn <serue@us.ibm.com> | 2007-10-19 02:39:45 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-10-19 14:53:37 -0400 |
| commit | 858d72ead4864da0fb0b89b919524125ce998e27 (patch) | |
| tree | 19ea321ca3b505efecb2053a829daf89a6a22529 /kernel/nsproxy.c | |
| parent | 846c7bb055747989891f5cd2bb6e8d56243ba1e7 (diff) | |
cgroups: implement namespace tracking subsystem
When a task enters a new namespace via a clone() or unshare(), a new cgroup
is created and the task moves into it.
This version names cgroups which are automatically created using
cgroup_clone() as "node_<pid>" where pid is the pid of the unsharing or
cloned process. (Thanks Pavel for the idea) This is safe because if the
process unshares again, it will create
/cgroups/(...)/node_<pid>/node_<pid>
The only possibilities (AFAICT) for a -EEXIST on unshare are
1. pid wraparound
2. a process fails an unshare, then tries again.
Case 1 is unlikely enough that I ignore it (at least for now). In case 2, the
node_<pid> will be empty and can be rmdir'ed to make the subsequent unshare()
succeed.
Changelog:
Name cloned cgroups as "node_<pid>".
[clg@fr.ibm.com: fix order of cgroup subsystems in init/Kconfig]
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/nsproxy.c')
| -rw-r--r-- | kernel/nsproxy.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index 049e7c0ac566..ac99837e7a04 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c | |||
| @@ -156,7 +156,14 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk) | |||
| 156 | goto out; | 156 | goto out; |
| 157 | } | 157 | } |
| 158 | 158 | ||
| 159 | err = ns_cgroup_clone(tsk); | ||
| 160 | if (err) { | ||
| 161 | put_nsproxy(new_ns); | ||
| 162 | goto out; | ||
| 163 | } | ||
| 164 | |||
| 159 | tsk->nsproxy = new_ns; | 165 | tsk->nsproxy = new_ns; |
| 166 | |||
| 160 | out: | 167 | out: |
| 161 | put_nsproxy(old_ns); | 168 | put_nsproxy(old_ns); |
| 162 | return err; | 169 | return err; |
| @@ -196,8 +203,16 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags, | |||
| 196 | 203 | ||
| 197 | *new_nsp = create_new_namespaces(unshare_flags, current, | 204 | *new_nsp = create_new_namespaces(unshare_flags, current, |
| 198 | new_fs ? new_fs : current->fs); | 205 | new_fs ? new_fs : current->fs); |
| 199 | if (IS_ERR(*new_nsp)) | 206 | if (IS_ERR(*new_nsp)) { |
| 200 | err = PTR_ERR(*new_nsp); | 207 | err = PTR_ERR(*new_nsp); |
| 208 | goto out; | ||
| 209 | } | ||
| 210 | |||
| 211 | err = ns_cgroup_clone(current); | ||
| 212 | if (err) | ||
| 213 | put_nsproxy(*new_nsp); | ||
| 214 | |||
| 215 | out: | ||
| 201 | return err; | 216 | return err; |
| 202 | } | 217 | } |
| 203 | 218 | ||