As suggested by Tejun, the debug controller will be activated only when
the "cgroup_debug" option is specified in the kernel boot command line.
Hopefully, that will discourage people from using the debug controller
for any purpose other than cgroup core debugging.
Signed-off-by: Waiman Long <long...@redhat.com>
---
kernel/cgroup/debug.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/kernel/cgroup/debug.c b/kernel/cgroup/debug.c
index 82e5cbd..be901c0 100644
--- a/kernel/cgroup/debug.c
+++ b/kernel/cgroup/debug.c
@@ -320,3 +320,23 @@ struct cgroup_subsys debug_cgrp_subsys = {
.dfl_cftypes = debug_files,
.threaded = true,
};
+
+/*
+ * Disable the debug controller by hiding the debug cgroup control files
+ * if the kernel boot parameter "cgroup_debug" isn't set.
+ */
+static bool cgroup_debug_enable __initdata;
+static int __init enable_cgroup_debug(char *str)
+{
+ cgroup_debug_enable = true;
+ return 1;
+}
+__setup("cgroup_debug", enable_cgroup_debug);
+
+static int __init debug_init(void)
+{
+ if (!cgroup_debug_enable)
+ debug_files[0].name[0] = '\0';
+ return 0;
+}
+core_initcall(debug_init);
--
1.8.3.1
