From: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ <at> public.gmane.org>
Subject: Re: [PATCH 0/2][V2] net: Implement SO_PEERCGROUP to get cgroup of peer
Newsgroups: gmane.linux.kernel.cgroups
Date: Wednesday 12th March 2014 20:56:28 UTC (over 3 years ago)
On 03/12/2014 01:46 PM, Vivek Goyal wrote:
> Hi,
> 
> This is V2 of patches. Fixed the function format issue and also I was using
> CONFIG_CGROUP instead of CONFIG_CGROUPS. That led to crash at boot. Fixed that.
> 
> Some applications like sssd want to know the cgroup of connected peer over
> unix stream socket. They want to use this information to map the cgroup to
> the container client belongs to and then decide what kind of policies apply
> on the container.
> 

Can you explain what the use case is?

My a priori opinion is that this is a terrible idea.  cgroups are a
nasty interface, and letting knowledge of cgroups leak into the programs
that live in the groups (as opposed to the cgroup manager) seems like a
huge mistake to me.

If you want to know where in the process hierarchy a message sender is,
add *that* and figure out how to fix the races (it shouldn't be that hard).

--Andy
 