author | Roman Gushchin <guro@fb.com> | 2017-12-13 19:49:03 +0000 |
---|---|---|
committer | Tejun Heo <tj@kernel.org> | 2017-12-13 12:53:49 -0800 |
commit | 4ad5a3217a193e933bc41168b000672417486c87 (patch) | |
tree | c1714e1b3b1d07655ececcc7185ed7b3bfd8881e /Documentation | |
parent | c2f31b79d510ec1a27138bdcf2d0ece1080be85e (diff) | |
cgroup, docs: document cgroup v2 device controller
Add the corresponding section in cgroup v2 documentation.
Signed-off-by: Roman Gushchin <guro@fb.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: kernel-team@fb.com
Cc: cgroups@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tejun Heo <tj@kernel.org>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/cgroup-v2.txt | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/Documentation/cgroup-v2.txt b/Documentation/cgroup-v2.txt index 2cddab7efb20..d6efabb487e3 100644 --- a/Documentation/cgroup-v2.txt +++ b/Documentation/cgroup-v2.txt @@ -53,10 +53,11 @@ v1 is available under Documentation/cgroup-v1/. 5-3-2. Writeback 5-4. PID 5-4-1. PID Interface Files - 5-5. RDMA - 5-5-1. RDMA Interface Files - 5-6. Misc - 5-6-1. perf_event + 5-5. Device + 5-6. RDMA + 5-6-1. RDMA Interface Files + 5-7. Misc + 5-7-1. perf_event 6. Namespace 6-1. Basics 6-2. The Root and Views @@ -1429,6 +1430,30 @@ through fork() or clone(). These will return -EAGAIN if the creation of a new process would cause a cgroup policy to be violated. +Device controller +----------------- + +Device controller manages access to device files. It includes both +creation of new device files (using mknod), and access to the +existing device files. + +Cgroup v2 device controller has no interface files and is implemented +on top of cgroup BPF. To control access to device files, a user may +create bpf programs of the BPF_CGROUP_DEVICE type and attach them +to cgroups. On an attempt to access a device file, corresponding +BPF programs will be executed, and depending on the return value +the attempt will succeed or fail with -EPERM. + +A BPF_CGROUP_DEVICE program takes a pointer to the bpf_cgroup_dev_ctx +structure, which describes the device access attempt: access type +(mknod/read/write) and device (type, major and minor numbers). +If the program returns 0, the attempt fails with -EPERM, otherwise +it succeeds. + +An example of BPF_CGROUP_DEVICE program may be found in the kernel +source tree in the tools/testing/selftests/bpf/dev_cgroup.c file. + + RDMA ---- |
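Review bot: In the table-of-contents hunk the new entry reads "5-5. Device", but the section added in the second hunk is headed "Device controller", while the neighbouring section heading visible in the context is just "RDMA". Suggest using one name in both places so the contents entry and the section heading match.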
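Review bot: The new "Device controller" section says "corresponding BPF programs will be executed" in the plural, but does not state how their return values are combined, whether programs attached to ancestor cgroups also run, or what the result is when no program is attached. Because returning 0 is the only thing that denies access, a reader cannot tell from this text whether a descendant cgroup can widen a restriction set higher in the hierarchy; one sentence on the default and one on the combination rule would close that gap. Minor wording: "Device controller manages" and "An example of BPF_CGROUP_DEVICE program" are each missing an article.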