On Thu, Jun 29, 2023 at 08:11:33AM -0400, Waiman Long <longman@redhat.com> wrote:
> Another fact about cpuset controller enabling is that both cpus_allowed and mems_allowed are empty at that point. You may also add these checks as preconditions for disabling the security_task_setscheduler check.
I considered relying on that, however, there is a more generic case when migrating between two siblings that should be allowed in v2 too. See the added test_cpuset_perms_object(). (Admittedly, it doesn't stress the case when the two siblings had different CPUs but it could.)
Anyway, let's move on to v2 (where I addressed remaining comments).
Thanks, Michal