TODO: note cgroup.kill and memfd_secret

2024-07-08 20:15:55 +00:00 · 2021-07-12 22:47:59 +01:00 · 2021-07-12 22:47:59 +01:00 · 8b213bf12e
commit 8b213bf12e
parent b1f8d02557
1 changed files with 3 additions and 0 deletions
--- a/3
+++ b/3
@ -262,6 +262,8 @@ Features:

 * pid1: support new clone3() fork-into-cgroup feature

+* pid1: support new cgroup.kill to terminate all processes in a cgroup
+
 * pid1: also remove PID files of a service when the service starts, not just
  when it exits

@ -425,6 +427,7 @@ Features:
 * paranoia: whenever we process passwords, call mlock() on the memory
  first. i.e. look for all places we use free_and_erasep() and
  augment them with mlock(). Also use MADV_DONTDUMP.
+  Alternatively (preferably?) use memfd_secret().

 * Move RestrictAddressFamily= to the new cgroup create socket