Add ability to enter a cgroup namespace
The cgroup namespacing feature was recently added to the linux kernel.
Allow jailed processes to be placed in to a new cgroup namespace. This
avoids leaking host info into the jailed process and allows for the
jailed process to use cgroups as it would if it was running outside of
any namespaces. Android needs this so its cgroup setting CTS tests can
pass and it can distribute its cpu shares between background and
foreground apps.
CQ-DEPEND=CL:356201
BUG=b/29259708
TEST=minijail0 -m '0 1000 100' -M '0 1000 100' -N /bin/bash
check that the cgroup namespace is different
check that a newly mounted cgroup FS is rooted at the parent's cgroup
Signed-off-by: Dylan Reid <dgreid@chromium.org>
(cherry picked from commit 4cbc2a522e1bc88424905bee32199af1c0fdbd20)
Change-Id: I346e7b88a1cd6a6b677fe06ca432ebd179d9ffaa
Reviewed-on: https://chromium-review.googlesource.com/360257
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
3 files changed
