SAFE public projects git trees. - safe/jmp/linux-2.6/commit

author	Serge E. Hallyn <serue@us.ibm.com>
	Fri, 19 Oct 2007 06:39:45 +0000 (23:39 -0700)
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>
	Fri, 19 Oct 2007 18:53:37 +0000 (11:53 -0700)
commit	858d72ead4864da0fb0b89b919524125ce998e27
tree	19ea321ca3b505efecb2053a829daf89a6a22529	tree \| snapshot
parent	846c7bb055747989891f5cd2bb6e8d56243ba1e7	commit \| diff

cgroups: implement namespace tracking subsystem

When a task enters a new namespace via a clone() or unshare(), a new cgroup
is created and the task moves into it.

This version names cgroups which are automatically created using
cgroup_clone() as "node_<pid>" where pid is the pid of the unsharing or
cloned process. (Thanks Pavel for the idea) This is safe because if the
process unshares again, it will create

/cgroups/(...)/node_<pid>/node_<pid>

The only possibilities (AFAICT) for a -EEXIST on unshare are

1. pid wraparound
2. a process fails an unshare, then tries again.

Case 1 is unlikely enough that I ignore it (at least for now). In case 2, the
node_<pid> will be empty and can be rmdir'ed to make the subsequent unshare()
succeed.

Changelog:
Name cloned cgroups as "node_<pid>".

[clg@fr.ibm.com: fix order of cgroup subsystems in init/Kconfig]
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

include/linux/cgroup_subsys.h		diff \| blob \| history
include/linux/nsproxy.h		diff \| blob \| history
init/Kconfig		diff \| blob \| history
kernel/Makefile		diff \| blob \| history
kernel/ns_cgroup.c	[new file with mode: 0644]	blob
kernel/nsproxy.c		diff \| blob \| history