| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Apr 2014 20:22:45 -0400 From: Vivek Goyal <vgoyal@...hat.com> To: Andy Lutomirski <luto@...capital.net> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, cgroups@...r.kernel.org, Network Development <netdev@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>, Tejun Heo <tj@...nel.org>, Simo Sorce <ssorce@...hat.com>, lpoetter@...hat.com, kay@...hat.com, dwalsh@...hat.com Subject: Re: [PATCH 1/2] net: Implement SO_PEERCGROUP On Tue, Apr 15, 2014 at 02:54:02PM -0700, Andy Lutomirski wrote: > On Tue, Apr 15, 2014 at 2:15 PM, Vivek Goyal <vgoyal@...hat.com> wrote: > > Implement SO_PEERCGROUP along the lines of SO_PEERCRED. This returns the > > cgroup of first mounted hierarchy of the task. For the case of client, > > it represents the cgroup of client at the time of opening the connection. > > After that client cgroup might change. > > > > This works only for unix stream sockets. > > I still don't understand why this is useful when SCM_CGROUP exists. I think this is more lightweight as compared to SCM_CGROUP. Information is stored per connection as opposed to per message. So if user space has created a system where unpriviliged processed have been locked in cgroups and they can't escape those cgroups, then SO_PEERCRED should be sufficient and one does not have to use SCM_CGROUP. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists