On Tue, Jul 23, 2013 at 01:16:06PM -0500, Serge Hallyn wrote: > We allow a task to change its own devices cgroup, or to change other tasks' > cgroups if it has CAP_SYS_ADMIN. > > Also allow task A to change task B's cgroup if task A has CAP_SYS_ADMIN > with respect to task B - meaning A is root in the same userns, or A > created B's userns.
As discussed multpile times, cgroup isn't gonna support delegating cgroup management directly into containers, so this doesn't really jive with where we're heading. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
