cgroup: allow a cgroup subsystem to reject a fork
Add a new cgroup subsystem callback can_fork that conditionally states whether or not the fork is accepted or rejected by a cgroup policy. In addition, add a cancel_fork callback so that if an error occurs later in the forking process, any state modified by can_fork can be reverted. Allow for a private opaque pointer to be passed from cgroup_can_fork to cgroup_post_fork, allowing for the fork state to be stored by each subsystem separately. Also add a tagging system for cgroup_subsys.h to allow for CGROUP_<TAG> enumerations to be be defined and used. In addition, explicitly add a CGROUP_CANFORK_COUNT macro to make arrays easier to define. This is in preparation for implementing the pids cgroup subsystem. Signed-off-by:Aleksa Sarai <cyphar@cyphar.com> Signed-off-by:
Tejun Heo <tj@kernel.org>
Showing
- include/linux/cgroup-defs.h 9 additions, 1 deletioninclude/linux/cgroup-defs.h
- include/linux/cgroup.h 13 additions, 2 deletionsinclude/linux/cgroup.h
- include/linux/cgroup_subsys.h 23 additions, 0 deletionsinclude/linux/cgroup_subsys.h
- kernel/cgroup.c 71 additions, 2 deletionskernel/cgroup.c
- kernel/cgroup_freezer.c 1 addition, 1 deletionkernel/cgroup_freezer.c
- kernel/fork.c 15 additions, 2 deletionskernel/fork.c
- kernel/sched/core.c 1 addition, 1 deletionkernel/sched/core.c
Loading
Please register or sign in to comment