[PATCH 4/4] The control group itself

Paul Menage menage at google.com
Tue Feb 12 18:17:14 PST 2008


On Feb 12, 2008 9:21 AM, Serge E. Hallyn <serue at us.ibm.com> wrote:
>
> Paul (actually both Menage and Jackson :) do you have an opinion on
> this?  Are there sites which eg do 'chown -R some_user_id /cgroup/cpusets/'
> to have some non-root user be able to dole out cpusets?

We (Google) currently only do that for the tasks file, to allow users
to move their processes between cpusets/groups that they own.

> Is there any
> way it would be ok to have cgroup_file_write() check for CAP_SYS_ADMIN?

Sure, we could have flags in the subsys object for this kind of thing
that let particular subsystems request this.

Paul


More information about the Containers mailing list