Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 19ec2567 authored by Aristeu Rozanski's avatar Aristeu Rozanski Committed by Tejun Heo
Browse files

cgroup: add documentation on extended attributes usage 



v2: update cgroups.txt instead of creating a new file

Cc: Tejun Heo <tj@kernel.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Hillf Danton <dhillf@gmail.com>
Cc: Lennart Poettering <lpoetter@redhat.com>
Acked-by: default avatarLi Zefan <lizefan@huawei.com>
Signed-off-by: default avatarAristeu Rozanski <aris@redhat.com>
Signed-off-by: default avatarTejun Heo <tj@kernel.org>
parent a1a71b45

Documentation/cgroups/cgroups.txt

+22 −2
Original line number Diff line number Diff line
@@ -29,7 +29,8 @@ CONTENTS: 
  3.1 Overview

  3.2 Synchronization

  3.3 Subsystem API

4. Questions

4. Extended attributes usage

5. Questions



1. Control Groups

=================
@@ -650,7 +651,26 @@ and root cgroup. Currently this will only involve movement between 
the default hierarchy (which never has sub-cgroups) and a hierarchy

that is being created/destroyed (and hence has no sub-cgroups).



4. Questions

4. Extended attribute usage

===========================



cgroup filesystem supports certain types of extended attributes in its

directories and files.  The current supported types are:

	- Trusted (XATTR_TRUSTED)

	- Security (XATTR_SECURITY)



Both require CAP_SYS_ADMIN capability to set.



Like in tmpfs, the extended attributes in cgroup filesystem are stored

using kernel memory and it's advised to keep the usage at minimum.  This

is the reason why user defined extended attributes are not supported, since

any user can do it and there's no limit in the value size.



The current known users for this feature are SELinux to limit cgroup usage

in containers and systemd for assorted meta data like main PID in a cgroup

(systemd creates a cgroup per service).



5. Questions

============



Q: what's up with this '/bin/echo' ?