linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Paul Menage" <menage@google.com>
To: "Vivek Goyal" <vgoyal@redhat.com>
Cc: "linux kernel mailing list" <linux-kernel@vger.kernel.org>,
	"Libcg Devel Mailing List" <libcg-devel@lists.sourceforge.net>,
	"Balbir Singh" <balbir@linux.vnet.ibm.com>,
	"Dhaval Giani" <dhaval@linux.vnet.ibm.com>,
	"Peter Zijlstra" <pzijlstr@redhat.com>,
	kamezawa.hiroyu@jp.fujitsu.com,
	"Kazunaga Ikeno" <k-ikeno@ak.jp.nec.com>,
	"Morton Andrew Morton" <akpm@linux-foundation.org>
Subject: Re: [RFC] How to handle the rules engine for cgroups
Date: Thu, 10 Jul 2008 02:07:11 -0700	[thread overview]
Message-ID: <6599ad830807100207q26cf2416qb8d38d1d715b5ba0@mail.gmail.com> (raw)
In-Reply-To: <20080701191126.GA17376@redhat.com>

Hi Vivek,

On Tue, Jul 1, 2008 at 12:11 PM, Vivek Goyal <vgoyal@redhat.com> wrote:
>
> - netlink is not a reliable protocol.
>        - Messages can be dropped and one can loose message. That means a
>          newly forked process might never go into right group as meant.

One way that you could avoid the unreliability would be to not use
netlink, but instead use cgroups itself.

What we're looking for is a way to easily distinguish between
processes that are in the right cgroups, and processes that might be
in the wrong cgroups. Additionally, we want the children of such
processes to inherit the same status until we've dealt with them, and
not be able to change their status themselves.

That sounds a bit like a cgroup. How about the following?

- create a cgroup subsystem called "setuid".

- have a uid_changed() hook called by sys_setuid() and friends; this
hook would simply attach current to the root cgroup in the "setuid"
hierarchy if it wasn't already in that cgroup (which can be determined
with a couple of dereferences from current and no locking, so not
slowing down the normal case).

- userspace uses this by:

mount the setuid hierarchy, e.g. at /mnt/setuid
create a child cgroup /mnt/setuid/processed
while true:
  wait for /mnt/setuid/tasks to be non-empty
  read a pid from /mnt/setuid/tasks
  move that pid to the appropriate cgroups in memory/cpu/etc
hierarchies if necessary
  move that pid to /mnt/setuid/processed/tasks

i.e. any pid in the root cgroup of the setuid hierarchy is one that
needs attention and may need to be moved to different cgroups

A couple of enhancements to make this more usable might include:

- adding an API (via a new syscall or an eventfd?) to wait for a
cgroup to be non-empty, to avoid having to poll /mnt/setuid/tasks more
than necessary

- allow the user to designate certain processes and their children as
uninteresting so that their setuid calls don't trigger them being
moved back to the root (perhaps indicated via membership of an
"ignored" cgroup in the setuid hierarchy?)

This should be more reliable than netlink since it doesn't involve
userspace having to keep up with a stream of events - we're not
queuing up events, we're just shifting process group memberships.

Similar approaches could be used for a "setgid" hierarchy and an
"execve" hierarchy.

Paul

  parent reply	other threads:[~2008-07-10  9:07 UTC|newest]

Thread overview: 60+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-07-01 19:11 [RFC] How to handle the rules engine for cgroups Vivek Goyal
2008-07-02  9:33 ` Kazunaga Ikeno
2008-07-03  1:19 ` KAMEZAWA Hiroyuki
2008-07-03 15:54   ` Vivek Goyal
2008-07-04  0:34     ` KAMEZAWA Hiroyuki
2008-07-04  3:17     ` Li Zefan
2008-07-08  9:35     ` Balbir Singh
2008-07-08 13:45       ` Vivek Goyal
2008-07-10  9:23     ` Paul Menage
2008-07-10 14:30       ` Vivek Goyal
2008-07-10 15:42         ` Dhaval Giani
2008-07-10 16:51         ` Paul Menage
2008-07-10 14:48       ` Rik van Riel
2008-07-10 15:40         ` Vivek Goyal
2008-07-10 15:56           ` Ulrich Drepper
2008-07-10 17:25             ` Rik van Riel
2008-07-10 17:39               ` Ulrich Drepper
2008-07-10 18:41                 ` Vivek Goyal
2008-07-10 22:29                   ` Ulrich Drepper
2008-07-11  0:55           ` KAMEZAWA Hiroyuki
2008-07-14 13:57             ` Vivek Goyal
2008-07-14 14:44               ` David Collier-Brown
2008-07-14 15:21                 ` Vivek Goyal
2008-07-17  7:05                   ` Kazunaga Ikeno
2008-07-17 13:47                     ` Vivek Goyal
     [not found]                       ` <20080717170717.GA3718@linux.vnet.ibm.com>
2008-07-18  8:12                         ` [Libcg-devel] " Dhaval Giani
2008-07-18 20:12                           ` Vivek Goyal
2008-08-17 10:33                   ` [RFC] [PATCH -mm] cgroup: uid-based rules to add processes efficiently in the right cgroup Andrea Righi
2008-08-18 12:35                     ` Vivek Goyal
2008-08-19 14:35                       ` righi.andrea
2008-08-18 21:05                     ` Paul Menage
2008-08-19 12:57                       ` Vivek Goyal
2008-08-26  0:54                         ` Paul Menage
2008-08-26 13:41                           ` Vivek Goyal
2008-08-26 14:35                             ` Balbir Singh
2008-08-26 15:04                               ` David Collier-Brown
2008-08-26 16:00                                 ` Vivek Goyal
2008-08-26 16:32                                   ` David Collier-Brown
2008-08-26 16:08                               ` Vivek Goyal
2008-09-04 18:25                             ` Paul Menage
2008-08-19 15:12                       ` righi.andrea
2008-08-26  0:55                         ` Paul Menage
2008-07-14 15:07             ` Re: [RFC] How to handle the rules engine for cgroups kamezawa.hiroyu
2008-07-10  9:07 ` Paul Menage [this message]
2008-07-10 14:06   ` Vivek Goyal
2008-07-10 16:41     ` Paul Menage
2008-07-10 17:19       ` Vivek Goyal
2008-07-10 17:27         ` [Libcg-devel] " Dhaval Giani
2008-07-10 14:33   ` Vivek Goyal
2008-07-10 16:46     ` Paul Menage
2008-07-10 17:18       ` [Libcg-devel] " Dhaval Giani
2008-07-10 17:30         ` Paul Menage
2008-07-10 17:44           ` Dhaval Giani
2008-07-10 15:49   ` Dhaval Giani
2008-07-18  9:52 ` KAMEZAWA Hiroyuki
2008-07-18 15:46   ` Paul Menage
2008-07-18 16:39   ` Balbir Singh
2008-07-18 18:55     ` Vivek Goyal
2008-07-18 23:05   ` kamezawa.hiroyu
2008-07-18 23:10   ` kamezawa.hiroyu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6599ad830807100207q26cf2416qb8d38d1d715b5ba0@mail.gmail.com \
    --to=menage@google.com \
    --cc=akpm@linux-foundation.org \
    --cc=balbir@linux.vnet.ibm.com \
    --cc=dhaval@linux.vnet.ibm.com \
    --cc=k-ikeno@ak.jp.nec.com \
    --cc=kamezawa.hiroyu@jp.fujitsu.com \
    --cc=libcg-devel@lists.sourceforge.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pzijlstr@redhat.com \
    --cc=vgoyal@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).