Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

user namespaces: document CFS behavior

Documented the currently bogus state of support for CFS user groups with
user namespaces. In particular, all users in a user namespace should be
children of the user which created the user namespace. This is yet to
be implemented.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

Authored by Serge E. Hallyn and committed by James Morris
94d6a5f7 7657d904

+28 -1
+21
Documentation/scheduler/sched-design-CFS.txt
··· 273 273 274 274 # #Launch gmplayer (or your favourite movie player) 275 275 # echo <movie_player_pid> > multimedia/tasks 276 + 277 + 8. Implementation note: user namespaces 278 + 279 + User namespaces are intended to be hierarchical. But they are currently 280 + only partially implemented. Each of those has ramifications for CFS. 281 + 282 + First, since user namespaces are hierarchical, the /sys/kernel/uids 283 + presentation is inadequate. Eventually we will likely want to use sysfs 284 + tagging to provide private views of /sys/kernel/uids within each user 285 + namespace. 286 + 287 + Second, the hierarchical nature is intended to support completely 288 + unprivileged use of user namespaces. So if using user groups, then 289 + we want the users in a user namespace to be children of the user 290 + who created it. 291 + 292 + That is currently unimplemented. So instead, every user in a new 293 + user namespace will receive 1024 shares just like any user in the 294 + initial user namespace. Note that at the moment creation of a new 295 + user namespace requires each of CAP_SYS_ADMIN, CAP_SETUID, and 296 + CAP_SETGID.
+7 -1
kernel/user.c
··· 239 239 .release = uids_release, 240 240 }; 241 241 242 - /* create /sys/kernel/uids/<uid>/cpu_share file for this user */ 242 + /* 243 + * Create /sys/kernel/uids/<uid>/cpu_share file for this user 244 + * We do not create this file for users in a user namespace (until 245 + * sysfs tagging is implemented). 246 + * 247 + * See Documentation/scheduler/sched-design-CFS.txt for ramifications. 248 + */ 243 249 static int uids_user_create(struct user_struct *up) 244 250 { 245 251 struct kobject *kobj = &up->kobj;
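Review bot: In the new section 8 of Documentation/scheduler/sched-design-CFS.txt, the paragraph beginning "That is currently unimplemented" should state the consequence for fair-share accounting: because every user in a new user namespace receives its own 1024 shares instead of being a child of the creating user, the creator's allocation is not a ceiling for the users it creates, and the CAP_SYS_ADMIN, CAP_SETUID and CAP_SETGID requirement is the only limit the text gives on who can do this. The section also never says that /sys/kernel/uids/<uid>/cpu_share is not created for those users, which the kernel/user.c comment in the same commit does state; adding that sentence here would tell administrators there is no sysfs file through which to adjust the 1024 value for them.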
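Review bot: The rewritten comment above uids_user_create() in kernel/user.c says "We do not create this file for users in a user namespace", but this hunk changes only the comment and shows no check on the user's namespace, so a reader cannot tell from here where that behaviour is enforced. Name the condition or function that skips creation, or confirm that it already exists in uids_user_create(). Separately, every user belongs to some user namespace, so "a user namespace" would be clearer as "a non-initial user namespace", and the first sentence of the comment ("for this user") is missing its full stop.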