From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754111AbbESIom (ORCPT ); Tue, 19 May 2015 04:44:42 -0400 Received: from mail-qk0-f180.google.com ([209.85.220.180]:36030 "EHLO mail-qk0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751903AbbESIoj (ORCPT ); Tue, 19 May 2015 04:44:39 -0400 MIME-Version: 1.0 X-Originating-IP: [5.101.106.105] In-Reply-To: <20150519080055.GA3644@twins.programming.kicks-ass.net> References: <1431960667-26593-1-git-send-email-cyphar@cyphar.com> <1431960667-26593-9-git-send-email-cyphar@cyphar.com> <20150519080055.GA3644@twins.programming.kicks-ass.net> Date: Tue, 19 May 2015 18:44:39 +1000 Message-ID: Subject: Re: [PATCH v12 8/8] cgroup: implement the PIDs subsystem From: Aleksa Sarai To: Peter Zijlstra Cc: Tejun Heo , lizefan@huawei.com, mingo@redhat.com, richard@nod.at, =?UTF-8?B?RnLDqWTDqXJpYyBXZWlzYmVja2Vy?= , linux-kernel@vger.kernel.org, cgroups@vger.kernel.org, Thomas Gleixner Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org >> However, it should be noted that organisational operations (adding and >> removing tasks from a PIDs hierarchy) will *not* be prevented. > > This is how you spell: broken controller. This has been discussed before. Organisational operations (i.e. attaching to a cgroup) are not to be blocked by a cgroup controller in the unified hierarchy. You simply can't escape out of a parent cgroup's limit through attaching to a child cgroup (because you will attach either before the fork checks against the cgroup [in which case the child's limit is followed -- which means you also follow the parent's limit] or after it checks [which means you'll hit the parent's limit and won't be able to fork]). -- Aleksa Sarai (cyphar) www.cyphar.com