• T
    cgroup: disallow debug controller on the default hierarchy · 5533e011
    Tejun Heo 提交于
    The debug controller, as its name suggests, exposes cgroup core
    internals to userland to aid debugging.  Unfortunately, except for the
    name, there's no provision to prevent its usage in production
    configurations and the controller is widely enabled and mounted
    leaking internal details to userland.  Like most other debug
    information, the information exposed by debug isn't interesting even
    for debugging itself once the related parts are working reliably.
    
    This controller has no reason for existing.  This patch implements
    cgrp_dfl_root_inhibit_ss_mask which can suppress specific subsystems
    on the default hierarchy and adds the debug subsystem to it so that it
    can be gradually deprecated as usages move towards the unified
    hierarchy.
    Signed-off-by: NTejun Heo <tj@kernel.org>
    5533e011
cgroup.c 143.8 KB