summaryrefslogtreecommitdiffstats
path: root/fs/proc
diff options
context:
space:
mode:
authorAditya Kali <adityakali@google.com>2016-01-29 09:54:06 +0100
committerTejun Heo <tj@kernel.org>2016-02-16 19:04:58 +0100
commita79a908fd2b080977b45bf103184b81c9d11ad07 (patch)
treefbfb2423937d1ff6ff72e5ca9fa852b0c8d7da98 /fs/proc
parentsched: new clone flag CLONE_NEWCGROUP for cgroup namespace (diff)
downloadlinux-a79a908fd2b080977b45bf103184b81c9d11ad07.tar.xz
linux-a79a908fd2b080977b45bf103184b81c9d11ad07.zip
cgroup: introduce cgroup namespaces
Introduce the ability to create new cgroup namespace. The newly created cgroup namespace remembers the cgroup of the process at the point of creation of the cgroup namespace (referred as cgroupns-root). The main purpose of cgroup namespace is to virtualize the contents of /proc/self/cgroup file. Processes inside a cgroup namespace are only able to see paths relative to their namespace root (unless they are moved outside of their cgroupns-root, at which point they will see a relative path from their cgroupns-root). For a correctly setup container this enables container-tools (like libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali <adityakali@google.com> Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Tejun Heo <tj@kernel.org>
Diffstat (limited to 'fs/proc')
-rw-r--r--fs/proc/namespaces.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
index 276f12431dbf..72cb26f85d58 100644
--- a/fs/proc/namespaces.c
+++ b/fs/proc/namespaces.c
@@ -28,6 +28,9 @@ static const struct proc_ns_operations *ns_entries[] = {
&userns_operations,
#endif
&mntns_operations,
+#ifdef CONFIG_CGROUPS
+ &cgroupns_operations,
+#endif
};
static const char *proc_ns_get_link(struct dentry *dentry,