Hello,
On 8/25/25 19:48, Tejun Heo wrote:
Hello,
On Fri, Aug 22, 2025 at 07:16:15PM +0100, Djalal Harouni wrote: ...
I do realize taking the same usual path with write is the obvious thing, but we don't have the corresponding open context, and faking it seems more trouble than calling directly cgroup backends...
Allow me please to do it again directly on cgroup_base_file[] assuming it was Alexei suggestion and see how it looks.
I'm probably missing something but what prevents you from getting a dentry from kernfs_node and then calling vfs_open() on it and then do vfs_write() on the returned file?
If we include the open path then don't have the right context, first example in vfs_open() will use the wrong current cred context to perform permission checks, current could have dropped privileges while the cgroup hierarchy is still root owned...
The thing here is that the bpf program will be called from arbitrary paths, not a single pre-defined path/function were we could control the context...
If there are some fundamental reasons that we can't do something like that, let's go back to the simple approach where we just have bpf helpers for freezing and unfreezing cgroups outside of fs interface.
Alright, seems Alexei also agree on this. Thanks will prepare another version.
Also Tejun, could you please point me to extra cgroup or kernfs tests you run? much appreciated!
I'm afraid there isn't much outside what's in the selftest directory.
Ok, thank you!
Thanks.