From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 16 Mar 2022 15:31:24 +0000 (+0100)
Subject: docs: document the user.delegate xattr
X-Git-Tag: v251-rc1~135^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=200aa3583f0e29f30057f6b3e4c423323ad915a6;p=thirdparty%2Fsystemd.git

docs: document the user.delegate xattr
---

diff --git a/docs/CGROUP_DELEGATION.md b/docs/CGROUP_DELEGATION.md
index 926d16eef6e..8b14acf4eb5 100644
--- a/docs/CGROUP_DELEGATION.md
+++ b/docs/CGROUP_DELEGATION.md
@@ -253,6 +253,13 @@ So, if you want to do your own raw cgroups kernel level access, then allocate a
 scope unit, or a service unit (or just use the service unit you already have
 for your service code), and turn on delegation for it.
 
+The service manager sets the `user.delegate` extended attribute (readable via
+`getxattr(2)` and related calls) to the character `1` on cgroup directories
+where delegation is enabled (and removes it on those cgroups where it is
+not). This may be used by service programs to determine whether a cgroup tree
+was delegated to them. Note that this is only supported on kernels 5.6 and
+newer in combination with systemd 251 and newer.
+
 (OK, here's one caveat: if you turn on delegation for a service, and that
 service has `ExecStartPost=`, `ExecReload=`, `ExecStop=` or `ExecStopPost=`
 set, then these commands will be executed within the `.control/` sub-cgroup of