2 files changed, 28 insertions, 1 deletions
diff --git a/Documentation/scheduler/sched-design-CFS.txt b/Documentation/scheduler/sched-design-CFS.txt
index eb471c7a905e..8398ca4ff4ed 100644
--- a/Documentation/scheduler/sched-design-CFS.txt
+++ b/Documentation/scheduler/sched-design-CFS.txt
@@ -273,3 +273,24 @@ task groups and modify their CPU share using the "cgroups" pseudo filesystem.
        # #Launch gmplayer (or your favourite movie player)
        # echo <movie_player_pid> > multimedia/tasks
+8. Implementation note: user namespaces
+User namespaces are intended to be hierarchical.  But they are currently
+only partially implemented.  Each of those has ramifications for CFS.
+First, since user namespaces are hierarchical, the /sys/kernel/uids
+presentation is inadequate.  Eventually we will likely want to use sysfs
+tagging to provide private views of /sys/kernel/uids within each user
+namespace.
+Second, the hierarchical nature is intended to support completely
+unprivileged use of user namespaces.  So if using user groups, then
+we want the users in a user namespace to be children of the user
+who created it.
+That is currently unimplemented.  So instead, every user in a new
+user namespace will receive 1024 shares just like any user in the
+initial user namespace.  Note that at the moment creation of a new
+user namespace requires each of CAP_SYS_ADMIN, CAP_SETUID, and
+CAP_SETGID.
diff --git a/kernel/user.c b/kernel/user.c
index 6c924bc48c08..6608a3d8ca61 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -239,7 +239,13 @@ static struct kobj_type uids_ktype = {
        .release = uids_release,
 };
-/* create /sys/kernel/uids/<uid>/cpu_share file for this user */
+/*
+ * Create /sys/kernel/uids/<uid>/cpu_share file for this user
+ * We do not create this file for users in a user namespace (until
+ * sysfs tagging is implemented).
+ *
+ * See Documentation/scheduler/sched-design-CFS.txt for ramifications.
+ */
 static int uids_user_create(struct user_struct *up)
 {
        struct kobject *kobj = &up->kobj;

diff --git a/Documentation/scheduler/sched-design-CFS.txt b/Documentation/scheduler/sched-design-CFS.txt index eb471c7a905e..8398ca4ff4ed 100644 --- a/Documentation/scheduler/sched-design-CFS.txt +++ b/Documentation/scheduler/sched-design-CFS.txt
@@ -273,3 +273,24 @@ task groups and modify their CPU share using the "cgroups" pseudo filesystem.
273		273
274	# #Launch gmplayer (or your favourite movie player)	274	# #Launch gmplayer (or your favourite movie player)
275	# echo <movie_player_pid> > multimedia/tasks	275	# echo <movie_player_pid> > multimedia/tasks
		276
		277	8. Implementation note: user namespaces
		278
		279	User namespaces are intended to be hierarchical. But they are currently
		280	only partially implemented. Each of those has ramifications for CFS.
		281
		282	First, since user namespaces are hierarchical, the /sys/kernel/uids
		283	presentation is inadequate. Eventually we will likely want to use sysfs
		284	tagging to provide private views of /sys/kernel/uids within each user
		285	namespace.
		286
		287	Second, the hierarchical nature is intended to support completely
		288	unprivileged use of user namespaces. So if using user groups, then
		289	we want the users in a user namespace to be children of the user
		290	who created it.
		291
		292	That is currently unimplemented. So instead, every user in a new
		293	user namespace will receive 1024 shares just like any user in the
		294	initial user namespace. Note that at the moment creation of a new
		295	user namespace requires each of CAP_SYS_ADMIN, CAP_SETUID, and
		296	CAP_SETGID.


diff --git a/kernel/user.c b/kernel/user.c index 6c924bc48c08..6608a3d8ca61 100644 --- a/kernel/user.c +++ b/kernel/user.c
@@ -239,7 +239,13 @@ static struct kobj_type uids_ktype = {
239	.release = uids_release,	239	.release = uids_release,
240	};	240	};
241		241
242	/* create /sys/kernel/uids/<uid>/cpu_share file for this user */	242	/*
		243	* Create /sys/kernel/uids/<uid>/cpu_share file for this user
		244	* We do not create this file for users in a user namespace (until
		245	* sysfs tagging is implemented).
		246	*
		247	* See Documentation/scheduler/sched-design-CFS.txt for ramifications.
		248	*/
243	static int uids_user_create(struct user_struct *up)	249	static int uids_user_create(struct user_struct *up)
244	{	250	{
245	struct kobject *kobj = &up->kobj;	251	struct kobject *kobj = &up->kobj;