aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Documentation/cgroups/cgroups.txt24
1 files changed, 22 insertions, 2 deletions
diff --git a/Documentation/cgroups/cgroups.txt b/Documentation/cgroups/cgroups.txt
index 4a0b64c605fc..004fd5a09e12 100644
--- a/Documentation/cgroups/cgroups.txt
+++ b/Documentation/cgroups/cgroups.txt
@@ -29,7 +29,8 @@ CONTENTS:
29 3.1 Overview 29 3.1 Overview
30 3.2 Synchronization 30 3.2 Synchronization
31 3.3 Subsystem API 31 3.3 Subsystem API
324. Questions 324. Extended attributes usage
335. Questions
33 34
341. Control Groups 351. Control Groups
35================= 36=================
@@ -650,7 +651,26 @@ and root cgroup. Currently this will only involve movement between
650the default hierarchy (which never has sub-cgroups) and a hierarchy 651the default hierarchy (which never has sub-cgroups) and a hierarchy
651that is being created/destroyed (and hence has no sub-cgroups). 652that is being created/destroyed (and hence has no sub-cgroups).
652 653
6534. Questions 6544. Extended attribute usage
655===========================
656
657cgroup filesystem supports certain types of extended attributes in its
658directories and files. The current supported types are:
659 - Trusted (XATTR_TRUSTED)
660 - Security (XATTR_SECURITY)
661
662Both require CAP_SYS_ADMIN capability to set.
663
664Like in tmpfs, the extended attributes in cgroup filesystem are stored
665using kernel memory and it's advised to keep the usage at minimum. This
666is the reason why user defined extended attributes are not supported, since
667any user can do it and there's no limit in the value size.
668
669The current known users for this feature are SELinux to limit cgroup usage
670in containers and systemd for assorted meta data like main PID in a cgroup
671(systemd creates a cgroup per service).
672
6735. Questions
654============ 674============
655 675
656Q: what's up with this '/bin/echo' ? 676Q: what's up with this '/bin/echo' ?