1 files changed, 21 insertions, 0 deletions
diff --git a/Documentation/scheduler/sched-design-CFS.txt b/Documentation/scheduler/sched-design-CFS.txt
index eb471c7a905e..8398ca4ff4ed 100644
--- a/Documentation/scheduler/sched-design-CFS.txt
+++ b/Documentation/scheduler/sched-design-CFS.txt
@@ -273,3 +273,24 @@ task groups and modify their CPU share using the "cgroups" pseudo filesystem.
        # #Launch gmplayer (or your favourite movie player)
        # echo <movie_player_pid> > multimedia/tasks
+8. Implementation note: user namespaces
+User namespaces are intended to be hierarchical.  But they are currently
+only partially implemented.  Each of those has ramifications for CFS.
+First, since user namespaces are hierarchical, the /sys/kernel/uids
+presentation is inadequate.  Eventually we will likely want to use sysfs
+tagging to provide private views of /sys/kernel/uids within each user
+namespace.
+Second, the hierarchical nature is intended to support completely
+unprivileged use of user namespaces.  So if using user groups, then
+we want the users in a user namespace to be children of the user
+who created it.
+That is currently unimplemented.  So instead, every user in a new
+user namespace will receive 1024 shares just like any user in the
+initial user namespace.  Note that at the moment creation of a new
+user namespace requires each of CAP_SYS_ADMIN, CAP_SETUID, and
+CAP_SETGID.

diff --git a/Documentation/scheduler/sched-design-CFS.txt b/Documentation/scheduler/sched-design-CFS.txt index eb471c7a905e..8398ca4ff4ed 100644 --- a/Documentation/scheduler/sched-design-CFS.txt +++ b/Documentation/scheduler/sched-design-CFS.txt
@@ -273,3 +273,24 @@ task groups and modify their CPU share using the "cgroups" pseudo filesystem.
273		273
274	# #Launch gmplayer (or your favourite movie player)	274	# #Launch gmplayer (or your favourite movie player)
275	# echo <movie_player_pid> > multimedia/tasks	275	# echo <movie_player_pid> > multimedia/tasks
		276
		277	8. Implementation note: user namespaces
		278
		279	User namespaces are intended to be hierarchical. But they are currently
		280	only partially implemented. Each of those has ramifications for CFS.
		281
		282	First, since user namespaces are hierarchical, the /sys/kernel/uids
		283	presentation is inadequate. Eventually we will likely want to use sysfs
		284	tagging to provide private views of /sys/kernel/uids within each user
		285	namespace.
		286
		287	Second, the hierarchical nature is intended to support completely
		288	unprivileged use of user namespaces. So if using user groups, then
		289	we want the users in a user namespace to be children of the user
		290	who created it.
		291
		292	That is currently unimplemented. So instead, every user in a new
		293	user namespace will receive 1024 shares just like any user in the
		294	initial user namespace. Note that at the moment creation of a new
		295	user namespace requires each of CAP_SYS_ADMIN, CAP_SETUID, and
		296	CAP_SETGID.