• Aleksa Sarai's avatar
    cgroup: allow a cgroup subsystem to reject a fork · 7e47682e
    Aleksa Sarai authored
    Add a new cgroup subsystem callback can_fork that conditionally
    states whether or not the fork is accepted or rejected by a cgroup
    policy. In addition, add a cancel_fork callback so that if an error
    occurs later in the forking process, any state modified by can_fork can
    be reverted.
    
    Allow for a private opaque pointer to be passed from cgroup_can_fork to
    cgroup_post_fork, allowing for the fork state to be stored by each
    subsystem separately.
    
    Also add a tagging system for cgroup_subsys.h to allow for CGROUP_<TAG>
    enumerations to be be defined and used. In addition, explicitly add a
    CGROUP_CANFORK_COUNT macro to make arrays easier to define.
    
    This is in preparation for implementing the pids cgroup subsystem.
    Signed-off-by: default avatarAleksa Sarai <cyphar@cyphar.com>
    Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    7e47682e
fork.c 50.4 KB