Re: [patch 03/15] cgroup: dont call vfs_mkdir

[Paul Menage]

On Mon, May 5, 2008 at 2:54 AM, Miklos Szeredi <miklos@xxxxxxxxxx> wrote:
> From: Miklos Szeredi <mszeredi@xxxxxxx>
>
>  cgroup_clone() calls vfs_mkdir() to create a directory in the cgroup
>  filesystem.  Replace with explicit call to cgroup_mkdir() and
>  fsnotify_mkdir().
>
>  This is equivalent, except that the following functions are not called
>  before cgroup_mkdir():
>
>   - may_create()
>   - security_inode_mkdir()
>   - DQUOT_INIT()
>
>  Permission to clone the cgroup has already been checked in
>  copy_namespaces() (requiring CAP_SYS_ADMIN).  Additional file system
>  related capability checks are inappropriate and confusing.
>
>  The quota check is unnecessary, as quotas don't make any sense for
>  this filesystem.
>
>  Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
>  CC: Paul Menage <menage@xxxxxxxxxx>

This looks like it behaves correctly, but I don't really have any view
on whether the change is the right thing to do - I'll leave that to
the VFS gurus. FWIW, I'd regard cgroup_clone() as being outside the
filesystem rather than inside. It does have some knowledge of the
cgroupfs internals, but it tries to leave as much as possible up to
the real filesystem code.

Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/