cgroup: allow a cgroup subsystem to reject a fork
authorAleksa Sarai <cyphar@cyphar.com>
Tue, 9 Jun 2015 11:32:09 +0000 (21:32 +1000)
committerTejun Heo <tj@kernel.org>
Tue, 14 Jul 2015 21:29:23 +0000 (17:29 -0400)
commit7e47682ea555e7c1edef1d8fd96e2aa4c12abe59
tree6012cbc180ae7d633be4ed2ff1f1f6f7f188c1a0
parentd770e558e21961ad6cfdf0ff7df0eb5d7d4f0754
cgroup: allow a cgroup subsystem to reject a fork

Add a new cgroup subsystem callback can_fork that conditionally
states whether or not the fork is accepted or rejected by a cgroup
policy. In addition, add a cancel_fork callback so that if an error
occurs later in the forking process, any state modified by can_fork can
be reverted.

Allow for a private opaque pointer to be passed from cgroup_can_fork to
cgroup_post_fork, allowing for the fork state to be stored by each
subsystem separately.

Also add a tagging system for cgroup_subsys.h to allow for CGROUP_<TAG>
enumerations to be be defined and used. In addition, explicitly add a
CGROUP_CANFORK_COUNT macro to make arrays easier to define.

This is in preparation for implementing the pids cgroup subsystem.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
include/linux/cgroup-defs.h
include/linux/cgroup.h
include/linux/cgroup_subsys.h
kernel/cgroup.c
kernel/cgroup_freezer.c
kernel/fork.c
kernel/sched/core.c