cgroup: "cgroup.subtree_control" should be writeable by delegatee

"cgroup.subtree_control" determines which resource types a cgroup
wants to control.  Unlike actual resource knobs, this is an attribute
which belongs to the cgroup itself instead of its parent and thus
should be writeable by the delegatee in a delegated cgroup.

Update delegation documentation accordingly.

Signed-off-by: Tejun Heo <tj@kernel.org>
This commit is contained in:
Tejun Heo 2017-06-25 00:27:17 -04:00
parent b6053d40e3
commit 39fd64ae9f

View File

@ -309,10 +309,11 @@ file.
2-5-1. Model of Delegation
A cgroup can be delegated to a less privileged user by granting write
access of the directory and its "cgroup.procs" file to the user. Note
that resource control interface files in a given directory control the
distribution of the parent's resources and thus must not be delegated
along with the directory.
access of the directory and its "cgroup.procs" and
"cgroup.subtree_control" files to the user. Note that resource
control interface files in a given directory control the distribution
of the parent's resources and thus must not be delegated along with
the directory.
Once delegated, the user can build sub-hierarchy under the directory,
organize processes as it sees fit and further distribute the resources