On Mon, Aug 18, 2025 at 10:04:21AM +0100, Djalal Harouni wrote:
> This patch series adds support to write cgroup interfaces from BPF.
> 
> It is useful to freeze a cgroup hierarchy on suspicious activity for
> a more thorough analysis before killing it. Planned users of this
> feature are: systemd and BPF tools where the cgroup hierarchy could
> be a system service, user session, k8s pod or a container.
> 
> The writing happens via kernfs nodes and the cgroup must be on the
> default hierarchy. It implements the requests and feedback from v1 [1]
> where now we use a unified path for cgroup user space and BPF writing.
> 
> So I want to validate that this is the right approach first.

I don't see any reason to object to the feature but the way it's constructed
seems rather odd to me. If it's going to need per-feature code, might as
well bypass the write part and implement a simpler interface - i.e.
bpf_cgroup_freeze(). Otherwise, can't it actually write to kernfs files so
that we don't need to add code per enabled feature?

Thanks.

-- 
tejun
