lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 25 Aug 2008 17:54:39 -0700
From:	"Paul Menage" <menage@...gle.com>
To:	"Vivek Goyal" <vgoyal@...hat.com>
Cc:	righi.andrea@...il.com,
	"KAMEZAWA Hiroyuki" <kamezawa.hiroyu@...fujitsu.com>,
	"Balbir Singh" <balbir@...ux.vnet.ibm.com>,
	"linux kernel mailing list" <linux-kernel@...r.kernel.org>,
	"Dhaval Giani" <dhaval@...ux.vnet.ibm.com>,
	"Kazunaga Ikeno" <k-ikeno@...jp.nec.com>,
	"Morton Andrew Morton" <akpm@...ux-foundation.org>,
	"Thomas Graf" <tgraf@...hat.com>,
	"Ulrich Drepper" <drepper@...hat.com>
Subject: Re: [RFC] [PATCH -mm] cgroup: uid-based rules to add processes efficiently in the right cgroup

On Tue, Aug 19, 2008 at 5:57 AM, Vivek Goyal <vgoyal@...hat.com> wrote:
>
> Same thing will happen if we implement the daemon in user space. A task
> who does seteuid(), can be swept away to a different cgroup based on
> rules specified in /etc/cgrules.conf.

Yes, I'm not so keen on a daemon magically pulling things into a
cgroup based on uid either, for the same reasons.

But a user-space based solution can be much more flexible (e.g. easier
to configure it to only move tasks from certain source cgroups).

>
> What do you mean by risk? This is the policy set up by system admin and
> behaviour would seem consistent as per the policy. If an admin decides
> that tasks of user "apache" should run into /container/cpu/apache cgroup and
> if a "root" tasks does seteuid(apache), then it manes sense to move task
> to /container/cpu/apache.

The kind of unexpected behaviour I was imagining was when some other
daemon (e.g. ftpd?) unexpectedly does a setuid to one of the
magically-controlled users, and results in that daemon being pulled
into the specified cgroup. For something like cpu maybe that's mostly
benign (but what moves it back into its original group after it
switches back to root?) but for other subsystems it could be more
painful (memory, device access, etc).

>
> Exactly what kind of scenario do you have in mind when you want the policy
> to be enforced selectively based on task (tid)?

I was thinking of something like possibly a per-cgroup file (that also
affected child cgroups) rather than a global file. That would also
automatically handle multiple hierarchies.

Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ