diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-03-16 16:31:24 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2022-03-16 16:32:47 +0100 |
| commit | 200aa3583f0e29f30057f6b3e4c423323ad915a6 (patch) | |
| tree | 568937534f6af25dfdd7f38c08c34aaeeb82209d /docs/CGROUP_DELEGATION.md | |
| parent | cgroup: also indicate cgroup delegation state in user-accessible xattr (diff) | |
| download | systemd-200aa3583f0e29f30057f6b3e4c423323ad915a6.tar.xz systemd-200aa3583f0e29f30057f6b3e4c423323ad915a6.zip | |
docs: document the user.delegate xattr
Diffstat (limited to 'docs/CGROUP_DELEGATION.md')
| -rw-r--r-- | docs/CGROUP_DELEGATION.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/CGROUP_DELEGATION.md b/docs/CGROUP_DELEGATION.md index 926d16eef6..8b14acf4eb 100644 --- a/docs/CGROUP_DELEGATION.md +++ b/docs/CGROUP_DELEGATION.md @@ -253,6 +253,13 @@ So, if you want to do your own raw cgroups kernel level access, then allocate a scope unit, or a service unit (or just use the service unit you already have for your service code), and turn on delegation for it. +The service manager sets the `user.delegate` extended attribute (readable via +`getxattr(2)` and related calls) to the character `1` on cgroup directories +where delegation is enabled (and removes it on those cgroups where it is +not). This may be used by service programs to determine whether a cgroup tree +was delegated to them. Note that this is only supported on kernels 5.6 and +newer in combination with systemd 251 and newer. + (OK, here's one caveat: if you turn on delegation for a service, and that service has `ExecStartPost=`, `ExecReload=`, `ExecStop=` or `ExecStopPost=` set, then these commands will be executed within the `.control/` sub-cgroup of |