• Aditya Kali's avatar
    cgroup: introduce cgroup namespaces · a79a908f
    Aditya Kali authored
    Introduce the ability to create new cgroup namespace. The newly created
    cgroup namespace remembers the cgroup of the process at the point
    of creation of the cgroup namespace (referred as cgroupns-root).
    The main purpose of cgroup namespace is to virtualize the contents
    of /proc/self/cgroup file. Processes inside a cgroup namespace
    are only able to see paths relative to their namespace root
    (unless they are moved outside of their cgroupns-root, at which point
     they will see a relative path from their cgroupns-root).
    For a correctly setup container this enables container-tools
    (like libcontainer, lxc, lmctfy, etc.) to create completely virtualized
    containers without leaking system level cgroup hierarchy to the task.
    This patch only implements the 'unshare' part of the cgroupns.
    Signed-off-by: default avatarAditya Kali <adityakali@google.com>
    Signed-off-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
    Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    a79a908f
namespaces.c 4.1 KB