git.baikalelectronics.ru Git - kernel.git/commit

author	Aditya Kali <adityakali@google.com>
	Fri, 29 Jan 2016 08:54:06 +0000 (02:54 -0600)
committer	Tejun Heo <tj@kernel.org>
	Tue, 16 Feb 2016 18:04:58 +0000 (13:04 -0500)
commit	bd9694d6c00ebfbd0bc5fed367c330d80d1aabe2
tree	fbfb2423937d1ff6ff72e5ca9fa852b0c8d7da98	tree \| snapshot
parent	5d1cf68e725e353a1ca159280a375e16128654df	commit \| diff

cgroup: introduce cgroup namespaces

Introduce the ability to create new cgroup namespace. The newly created
cgroup namespace remembers the cgroup of the process at the point
of creation of the cgroup namespace (referred as cgroupns-root).
The main purpose of cgroup namespace is to virtualize the contents
of /proc/self/cgroup file. Processes inside a cgroup namespace
are only able to see paths relative to their namespace root
(unless they are moved outside of their cgroupns-root, at which point
they will see a relative path from their cgroupns-root).
For a correctly setup container this enables container-tools
(like libcontainer, lxc, lmctfy, etc.) to create completely virtualized
containers without leaking system level cgroup hierarchy to the task.
This patch only implements the 'unshare' part of the cgroupns.

Signed-off-by: Aditya Kali <adityakali@google.com>
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Tejun Heo <tj@kernel.org>

fs/proc/namespaces.c		diff \| blob \| history
include/linux/cgroup.h		diff \| blob \| history
include/linux/nsproxy.h		diff \| blob \| history
include/linux/proc_ns.h		diff \| blob \| history
kernel/cgroup.c		diff \| blob \| history
kernel/cpuset.c		diff \| blob \| history
kernel/fork.c		diff \| blob \| history
kernel/nsproxy.c		diff \| blob \| history