[PATCH v2] cgroup/cpuset: Clarify the delegation rules of partition
From: Waiman Long
Date: Tue Apr 28 2026 - 14:12:53 EST
Creation of remote partition is currently not allowed without privilege.
On the other hand, creation of local partition is allowed without
privilege as long as its parent is also a partition root.
The current setup allows a delegator to delegate an exclusive set of
CPUs to the delegatee by making the root of a delegated sub-hierarchy
a partition root. The delegatee is then allowed to create a local
sub-partition underneath it if necessary. Creation of a remote
partition is not currently allowed across delegation boundary without
privilege. Clarify the partition delegation rules by stating the current
behavior in cgroup-v2.rst file.
Signed-off-by: Waiman Long <longman@xxxxxxxxxx>
---
Documentation/admin-guide/cgroup-v2.rst | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst
index 6efd0095ed99..5b4ebde6fffe 100644
--- a/Documentation/admin-guide/cgroup-v2.rst
+++ b/Documentation/admin-guide/cgroup-v2.rst
@@ -2599,8 +2599,7 @@ Cpuset Interface Files
cpuset.cpus.partition
A read-write single value file which exists on non-root
- cpuset-enabled cgroups. This flag is owned by the parent cgroup
- and is not delegatable.
+ cpuset-enabled cgroups.
It accepts only the following input values when written to.
@@ -2708,6 +2707,15 @@ Cpuset Interface Files
their parent is switched back to a partition root with a proper
value in "cpuset.cpus" or "cpuset.cpus.exclusive".
+ This file is owned by the parent cgroup and is not delegatable.
+ The delegator can delegate an exclusive set of CPUs to the
+ delegatee by making the root of a delegated sub-hierarchy a
+ partition root. The delegatee is then allowed to create a local
+ sub-partition underneath it if needed. The delegator should
+ not set "cpuset.cpus.exclusive" at the root without making it
+ a partition root as the creation of remote partition is not
+ allowed without privilege.
+
Poll and inotify events are triggered whenever the state of
"cpuset.cpus.partition" changes. That includes changes caused
by write to "cpuset.cpus.partition", cpu hotplug or other
--
2.53.0