On Wed, Jul 15, 2015 at 09:51:52PM +0530, Aravinda Prasad wrote:
> >> + } else if (task_active_pid_ns(current) != &init_pid_ns) {
> >
> > Why the pid namespace?
>
> This comes from my understanding of container -- having at least a
> separate PID namespace with processes inside a container grouped into a
> single perf_event cgroups subsystem.
>
> I know there are other ways to define a container, however, I thought I
> start with the above one.
Right, but you should at least mention this, preferably in a comment.
> >
> >> + /* Don't set event->cgrp if task belongs to root cgroup */
> >> + if (task_css_is_root(current, perf_event_cgrp_id))
> >> + return ret;
> >
> > So if you have the root perf_cgroup inside your container you can
> > escape?
>
> If we have root perf_cgroup inside the container then even if we set
> event->cgrp we will be including all processes in the system.
Yes, that's what I said. Why does that make sense?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
