[PATCH v2 0/2] cgroups: add documentation on extended attributes and simple_xattr functions

[PATCH v2 0/2] cgroups: add documentation on extended attributes and simple_xattr functions

[Aristeu Rozanski]

cgroups: add documentation on extended attributes and simple_xattr functions

These patches add documentation on the new functions and current specific
cgroup usage.

v2: include Li Zefan's requested changes

Cc: Li Zefan <lizefan@huawei.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Hillf Danton <dhillf@gmail.com>
Cc: Lennart Poettering <lpoetter@redhat.com>
Signed-off-by: Aristeu Rozanski <aris@redhat.com>

-- 
Aristeu

[PATCH v2 1/2] cgroups: add documentation on extended attributes usage

[Aristeu Rozanski]

[-- Attachment #1: doc.patch --]
[-- Type: text/plain, Size: 1887 bytes --]

v2: update cgroups.txt instead of creating a new file

Cc: Li Zefan <lizefan@huawei.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Hillf Danton <dhillf@gmail.com>
Cc: Lennart Poettering <lpoetter@redhat.com>
Signed-off-by: Aristeu Rozanski <aris@redhat.com>

---
 Documentation/cgroups/cgroups.txt |   24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

Index: github/Documentation/cgroups/cgroups.txt
===================================================================
--- github.orig/Documentation/cgroups/cgroups.txt	2012-08-16 10:24:48.437596817 -0400
+++ github/Documentation/cgroups/cgroups.txt	2012-09-07 10:23:19.974357952 -0400
@@ -29,7 +29,8 @@
   3.1 Overview
   3.2 Synchronization
   3.3 Subsystem API
-4. Questions
+4. Extended attributes usage
+5. Questions
 
 1. Control Groups
 =================
@@ -650,7 +651,26 @@
 the default hierarchy (which never has sub-cgroups) and a hierarchy
 that is being created/destroyed (and hence has no sub-cgroups).
 
-4. Questions
+4. Extended attribute usage
+===========================
+
+cgroup filesystem supports certain types of extended attributes in its
+directories and files.  The current supported types are:
+	- Trusted (XATTR_TRUSTED)
+	- Security (XATTR_SECURITY)
+
+Both require CAP_SYS_ADMIN capability to set.
+
+Like in tmpfs, the extended attributes in cgroup filesystem are stored
+using kernel memory and it's advised to keep the usage at minimum.  This
+is the reason why user defined extended attributes are not supported, since
+any user can do it and there's no limit in the value size.
+
+The current known users for this feature are SELinux to limit cgroup usage
+in containers and systemd for assorted meta data like main PID in a cgroup
+(systemd creates a cgroup per service).
+
+5. Questions
 ============
 
 Q: what's up with this '/bin/echo' ?

[PATCH v2 2/2] fs: add missing documentation to simple_xattr functions

[Aristeu Rozanski]

[-- Attachment #1: simple_xattr_doc.txt --]
[-- Type: text/plain, Size: 1696 bytes --]

v2: add function documentation instead of adding a separate file under
    Documentation/

Cc: Li Zefan <lizefan@huawei.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Hillf Danton <dhillf@gmail.com>
Cc: Lennart Poettering <lpoetter@redhat.com>
Signed-off-by: Aristeu Rozanski <aris@redhat.com>

---
 fs/xattr.c |   18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

Index: github/fs/xattr.c
===================================================================
--- github.orig/fs/xattr.c	2012-09-11 14:48:12.648072176 -0400
+++ github/fs/xattr.c	2012-09-11 15:33:14.502770685 -0400
@@ -892,8 +892,19 @@
 
 }
 
-/*
- * xattr SET operation for in-memory/pseudo filesystems
+/**
+ * simple_xattr_set: xattr SET operation for in-memory/pseudo filesystems
+ * @xattrs: simple_xattr list
+ * @name: name of the new extended attribute
+ * @value: value of the new extended attribute. If NULL, will remove the
+ *	   attribute
+ * @flags: if XATTR_CREATE is set, no already existing extended attribute may
+ *	   exist. If XATTR_REPLACE is set, the extended attribute should exist.
+ *
+ * returns -ENOMEM for allocation failures, -EEXIST in case XATTR_CREATE is
+ *	   set in flags and an extended attribute with the same name exists,
+ *	   -ENODATA if XATTR_REPLACE is set in flags but no entry with the
+ *	   specified name exists.
  */
 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
 		     const void *value, size_t size, int flags)
@@ -950,6 +961,9 @@
 	return used;
 }
 
+/*
+ * Adds an extended attribute to the list
+ */
 void simple_xattr_list_add(struct simple_xattrs *xattrs,
 			   struct simple_xattr *new_xattr)
 {

Re: [PATCH v2 0/2] cgroups: add documentation on extended attributes and simple_xattr functions

[Tejun Heo]

On Tue, Sep 11, 2012 at 04:28:09PM -0400, Aristeu Rozanski wrote:
> cgroups: add documentation on extended attributes and simple_xattr functions
> 
> These patches add documentation on the new functions and current specific
> cgroup usage.
> 
> v2: include Li Zefan's requested changes

Applied to for-3.7.  Thanks!

-- 
tejun

Re: [PATCH v2 1/2] cgroups: add documentation on extended attributes usage

[Li Zefan]

> v2: update cgroups.txt instead of creating a new file
> 
> Cc: Li Zefan <lizefan@huawei.com>
> Cc: Tejun Heo <tj@kernel.org>
> Cc: Hugh Dickins <hughd@google.com>
> Cc: Hillf Danton <dhillf@gmail.com>
> Cc: Lennart Poettering <lpoetter@redhat.com>
> Signed-off-by: Aristeu Rozanski <aris@redhat.com>
> 

Acked-by: Li Zefan <lizefan@huawei.com>

> ---
>  Documentation/cgroups/cgroups.txt |   24 ++++++++++++++++++++++--
>  1 file changed, 22 insertions(+), 2 deletions(-)

Re: [PATCH v2 2/2] fs: add missing documentation to simple_xattr functions

[Randy Dunlap]

On 09/11/2012 01:28 PM, Aristeu Rozanski wrote:


+/**
+ * simple_xattr_set: xattr SET operation for in-memory/pseudo filesystems

The format for the function name/description uses '-', not ':', as:

 * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems

+ * @xattrs: simple_xattr list
+ * @name: name of the new extended attribute
+ * @value: value of the new extended attribute. If NULL, will remove the
+ *	   attribute

Missing @size parameter description.

+ * @flags: if XATTR_CREATE is set, no already existing extended attribute may
+ *	   exist. If XATTR_REPLACE is set, the extended attribute should exist.
+ *
+ * returns -ENOMEM for allocation failures, -EEXIST in case XATTR_CREATE is
+ *	   set in flags and an extended attribute with the same name exists,
+ *	   -ENODATA if XATTR_REPLACE is set in flags but no entry with the
+ *	   specified name exists.
  */
 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
 		     const void *value, size_t size, int flags)



-- 
~Randy

Re: [PATCH v2 2/2] fs: add missing documentation to simple_xattr functions

[Tejun Heo]

On Thu, Sep 13, 2012 at 11:02:14AM -0700, Randy Dunlap wrote:
> On 09/11/2012 01:28 PM, Aristeu Rozanski wrote:
> 
> 
> +/**
> + * simple_xattr_set: xattr SET operation for in-memory/pseudo filesystems
> 
> The format for the function name/description uses '-', not ':', as:
> 
>  * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
> 
> + * @xattrs: simple_xattr list
> + * @name: name of the new extended attribute
> + * @value: value of the new extended attribute. If NULL, will remove the
> + *	   attribute
> 
> Missing @size parameter description.

Updated the patch in place accordingly.  Thanks.

>From 4895768b6aab55bbdbebcf2da090cb1a5ccf5463 Mon Sep 17 00:00:00 2001
From: Aristeu Rozanski <aris@redhat.com>
Date: Tue, 11 Sep 2012 16:28:11 -0400
Subject: [PATCH] fs: add missing documentation to simple_xattr functions

v2: add function documentation instead of adding a separate file under
    Documentation/

tj: Updated comment a bit and rolled in Randy's suggestions.

Cc: Li Zefan <lizefan@huawei.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Hillf Danton <dhillf@gmail.com>
Cc: Lennart Poettering <lpoetter@redhat.com>
Cc: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Aristeu Rozanski <aris@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
---
 fs/xattr.c |   18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/fs/xattr.c b/fs/xattr.c
index e17e773..f053c11 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -892,8 +892,19 @@ out:
 
 }
 
-/*
- * xattr SET operation for in-memory/pseudo filesystems
+/**
+ * simple_xattr_set - xattr SET operation for in-memory/pseudo filesystems
+ * @xattrs: target simple_xattr list
+ * @name: name of the new extended attribute
+ * @value: value of the new xattr. If %NULL, will remove the attribute
+ * @size: size of the new xattr
+ * @flags: %XATTR_{CREATE|REPLACE}
+ *
+ * %XATTR_CREATE is set, the xattr shouldn't exist already; otherwise fails
+ * with -EEXIST.  If %XATTR_REPLACE is set, the xattr should exist;
+ * otherwise, fails with -ENODATA.
+ *
+ * Returns 0 on success, -errno on failure.
  */
 int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
 		     const void *value, size_t size, int flags)
@@ -950,6 +961,9 @@ ssize_t simple_xattr_list(struct simple_xattrs *xattrs, char *buffer,
 	return used;
 }
 
+/*
+ * Adds an extended attribute to the list
+ */
 void simple_xattr_list_add(struct simple_xattrs *xattrs,
 			   struct simple_xattr *new_xattr)
 {
-- 
1.7.7.3

Re: [PATCH v2 2/2] fs: add missing documentation to simple_xattr functions

[Aristeu Rozanski]

On Thu, Sep 13, 2012 at 11:11:24AM -0700, Tejun Heo wrote:
> Updated the patch in place accordingly.  Thanks.
> 
> From 4895768b6aab55bbdbebcf2da090cb1a5ccf5463 Mon Sep 17 00:00:00 2001
> From: Aristeu Rozanski <aris@redhat.com>
> Date: Tue, 11 Sep 2012 16:28:11 -0400
> Subject: [PATCH] fs: add missing documentation to simple_xattr functions
> 
> v2: add function documentation instead of adding a separate file under
>     Documentation/
> 
> tj: Updated comment a bit and rolled in Randy's suggestions.

Thanks Tejun, Randy

-- 
Aristeu