| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Jan 2012 09:53:22 -0800 From: Tejun Heo <tj@...nel.org> To: Li Zefan <lizf@...fujitsu.com> Cc: LKML <linux-kernel@...r.kernel.org>, Cgroups <cgroups@...r.kernel.org>, Lennart Poettering <mzxreary@...inter.de>, Kay Sievers <kay.sievers@...y.org> Subject: Re: [PATCH 2/2] cgroup: add xattr support Hello, On Mon, Jan 16, 2012 at 04:07:05PM +0800, Li Zefan wrote: > This is one of the items in the plumber's wish list. > > For use cases: > > >> What would the use case be for this? > > > > Attaching meta information to services, in an easily discoverable > > way. For example, in systemd we create one cgroup for each service, and > > could then store data like the main pid of the specific service as an > > xattr on the cgroup itself. That way we'd have almost all service state > > in the cgroupfs, which would make it possible to terminate systemd and > > later restart it without losing any state information. But there's more: > > for example, some very peculiar services cannot be terminated on > > shutdown (i.e. fakeraid DM stuff) and it would be really nice if the > > services in question could just mark that on their cgroup, by setting an > > xattr. On the more desktopy side of things there are other > > possibilities: for example there are plans defining what an application > > is along the lines of a cgroup (i.e. an app being a collection of > > processes). With xattrs one could then attach an icon or human readable > > program name on the cgroup. > > > > The key idea is that this would allow attaching runtime meta information > > to cgroups and everything they model (services, apps, vms), that doesn't > > need any complex userspace infrastructure, has good access control > > (i.e. because the file system enforces that anyway, and there's the > > "trusted." xattr namespace), notifications (inotify), and can easily be > > shared among applications. > > > > Lennart > > Signed-off-by: Li Zefan <lizf@...fujitsu.com> Ummm... I don't feel too good about this. Why can't those extra information be kept somewhere else? Overloading cgroupfs as storage for essentially opaque userland information doesn't seem like a good idea to me. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists