diff options
-rw-r--r-- | Documentation/cgroups/cgroups.txt | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/Documentation/cgroups/cgroups.txt b/Documentation/cgroups/cgroups.txt index 4a0b64c605fc..004fd5a09e12 100644 --- a/Documentation/cgroups/cgroups.txt +++ b/Documentation/cgroups/cgroups.txt | |||
@@ -29,7 +29,8 @@ CONTENTS: | |||
29 | 3.1 Overview | 29 | 3.1 Overview |
30 | 3.2 Synchronization | 30 | 3.2 Synchronization |
31 | 3.3 Subsystem API | 31 | 3.3 Subsystem API |
32 | 4. Questions | 32 | 4. Extended attributes usage |
33 | 5. Questions | ||
33 | 34 | ||
34 | 1. Control Groups | 35 | 1. Control Groups |
35 | ================= | 36 | ================= |
@@ -650,7 +651,26 @@ and root cgroup. Currently this will only involve movement between | |||
650 | the default hierarchy (which never has sub-cgroups) and a hierarchy | 651 | the default hierarchy (which never has sub-cgroups) and a hierarchy |
651 | that is being created/destroyed (and hence has no sub-cgroups). | 652 | that is being created/destroyed (and hence has no sub-cgroups). |
652 | 653 | ||
653 | 4. Questions | 654 | 4. Extended attribute usage |
655 | =========================== | ||
656 | |||
657 | cgroup filesystem supports certain types of extended attributes in its | ||
658 | directories and files. The current supported types are: | ||
659 | - Trusted (XATTR_TRUSTED) | ||
660 | - Security (XATTR_SECURITY) | ||
661 | |||
662 | Both require CAP_SYS_ADMIN capability to set. | ||
663 | |||
664 | Like in tmpfs, the extended attributes in cgroup filesystem are stored | ||
665 | using kernel memory and it's advised to keep the usage at minimum. This | ||
666 | is the reason why user defined extended attributes are not supported, since | ||
667 | any user can do it and there's no limit in the value size. | ||
668 | |||
669 | The current known users for this feature are SELinux to limit cgroup usage | ||
670 | in containers and systemd for assorted meta data like main PID in a cgroup | ||
671 | (systemd creates a cgroup per service). | ||
672 | |||
673 | 5. Questions | ||
654 | ============ | 674 | ============ |
655 | 675 | ||
656 | Q: what's up with this '/bin/echo' ? | 676 | Q: what's up with this '/bin/echo' ? |