Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp576999rwe;
        Fri, 26 Aug 2022 10:08:00 -0700 (PDT)
X-Google-Smtp-Source: AA6agR5PBX3PLtyYYjWYM/eOaZp1KkkwL9Mw+XgEAHrZKR6hWcrn3sWhiUWIGt5HAfY7qKBw/WGy
X-Received: by 2002:a17:902:db0d:b0:172:925f:3c78 with SMTP id m13-20020a170902db0d00b00172925f3c78mr4409656plx.157.1661533680063;
        Fri, 26 Aug 2022 10:08:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1661533680; cv=none;
        d=google.com; s=arc-20160816;
        b=qiXZ7e+pXLNQ2EgVkzdFnRVsflyXy5B11alRiOGh/dLH7WshtYuZTKGhFdeztrD8gu
         14VEnL+iwlMb3lF3LSoIVrh5xeNYC3iJ/tAeVcuNKro5EYnavX9CAM7j8q0ee9sLm9Ho
         Z8Felt6D6FiJQp+5zA01fnGP/vgPMz0NObCCpScHTaPQiNvhqHu2+s3LlnQaHSk5K/oQ
         ICcNKcLBWv+Lz8Uw60wOae2o2TTZ26o/xrqG+7xWqg/ae4yPG99I4scoYVKqgILwBtuO
         fv8t9o5eU0vB5ZoEPWDjEfTHOzCUiy/4eeiQ0lrQ2FM0d3xSDKdj9GdHKcVJWffSc0Ia
         5q9A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=Hvh3ocNfi9tDUDY607bUOsG3YfmuEtYhO6IYXUHPG/Y=;
        b=mODKQn1rQ/TNwR6C2h229sakHstogTqfqwdpq6Fb9Hn7c3VRdqi7lC7Dp5Y7xcPJhn
         jy1tj1ZPyQbPsAYPZGfPsC2YR7Kn3jr4j6IfBnytVsqHzGs2EYz0vLPogFF/6PzAsvaH
         4WxvBCGWeDz/AqpL9mCwGYXaIL0IBfOrR6l6gIF+a1kAMzM6l9hidd7IyMJBLtmX9eV2
         0vNqYSP6V0r7GLNeEh9w8rn5o6nJCQw/ySgqIn9AnsAJbW6nSzBbc26KOxDK4Gqo1mm7
         LUEv2W7kLA0LbTadRP+i6U/IobgCLWBPqliM1YtjX/zPBT6NtY0lfEE9bEoZo/VZ9KWs
         YIIw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=iZPWN9zb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id a37-20020a634d25000000b0042b72b95457si2115971pgb.416.2022.08.26.10.07.49;
        Fri, 26 Aug 2022 10:08:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=iZPWN9zb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240638AbiHZQxF (ORCPT <rfc822;andreykovskii@gmail.com>
        + 99 others); Fri, 26 Aug 2022 12:53:05 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57386 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S243496AbiHZQxB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 26 Aug 2022 12:53:01 -0400
Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E74C96156;
        Fri, 26 Aug 2022 09:52:59 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out1.suse.de (Postfix) with ESMTPS id 4E4863369A;
        Fri, 26 Aug 2022 16:52:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
        t=1661532778; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding;
        bh=Hvh3ocNfi9tDUDY607bUOsG3YfmuEtYhO6IYXUHPG/Y=;
        b=iZPWN9zbTtAeBhE6GPmrISfKZTKDyRDEBt/NCX6jxUD5aOCumahpiZpRRQZJG5sSstyR9V
        /CxenkC8LBSDzl0Q+lWiZZEEKR1HoAnVbCQkvVBEV8A9g9upAyc090FiUXaE4EB5ZKwDUj
        vA1rDztB+5zLeJtfleOJOBR6UpCuVXE=
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 0A8BB13A7E;
        Fri, 26 Aug 2022 16:52:58 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id 99GqAWr6CGMofAAAMHmgww
        (envelope-from <mkoutny@suse.com>); Fri, 26 Aug 2022 16:52:58 +0000
From:   =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
To:     linux-kernel@vger.kernel.org, cgroups@vger.kernel.org,
        bpf@vger.kernel.org
Cc:     Tejun Heo <tj@kernel.org>, Aditya Kali <adityakali@google.com>,
        Serge Hallyn <serge.hallyn@canonical.com>,
        Roman Gushchin <roman.gushchin@linux.dev>,
        Yonghong Song <yhs@fb.com>,
        Muneendra Kumar <muneendra.kumar@broadcom.com>,
        Yosry Ahmed <yosryahmed@google.com>,
        Hao Luo <haoluo@google.com>
Subject: [PATCH 0/4] Honor cgroup namespace when resolving cgroup id
Date:   Fri, 26 Aug 2022 18:52:34 +0200
Message-Id: <20220826165238.30915-1-mkoutny@suse.com>
X-Mailer: git-send-email 2.37.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Cgroup id is becoming a new way for userspace how to refer to cgroups it
wants to act upon. As opposed to cgroupfs (paths, opened FDs), the
current approach does not reflect limited view by (non-init) cgroup
namespaces.

This patches don't aim to limit what a user can do (consider an uid=0 in
mere cgroup namespace) but to provide consistent view within a
namespace.

The series is based on bpf-next with the new cgroup_iter. I've only
boot-tested it (especially I didn't run the BPF selftest).

Michal Koutný (4):
  cgroup: Honor caller's cgroup NS when resolving path
  cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
  cgroup: Homogenize cgroup_get_from_id() return value
  cgroup/bpf: Honor cgroup NS in cgroup_iter for ancestors

 block/blk-cgroup-fc-appid.c |  4 +--
 include/linux/cgroup.h      |  8 +++---
 kernel/bpf/cgroup_iter.c    |  9 ++++---
 kernel/cgroup/cgroup.c      | 53 ++++++++++++++++++++++++++++---------
 mm/memcontrol.c             |  4 +--
 5 files changed, 54 insertions(+), 24 deletions(-)


base-commit: 343949e10798a52c6d6a14effc962e010ed471ae
-- 
2.37.0