| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Mar 2014 13:56:28 -0700 From: Andy Lutomirski <luto@...capital.net> To: Vivek Goyal <vgoyal@...hat.com>, linux-kernel@...r.kernel.org, cgroups@...r.kernel.org, netdev@...r.kernel.org, davem@...emloft.net, tj@...nel.org CC: ssorce@...hat.com, jkaluza@...hat.com, lpoetter@...hat.com, kay@...hat.com Subject: Re: [PATCH 0/2][V2] net: Implement SO_PEERCGROUP to get cgroup of peer On 03/12/2014 01:46 PM, Vivek Goyal wrote: > Hi, > > This is V2 of patches. Fixed the function format issue and also I was using > CONFIG_CGROUP instead of CONFIG_CGROUPS. That led to crash at boot. Fixed that. > > Some applications like sssd want to know the cgroup of connected peer over > unix stream socket. They want to use this information to map the cgroup to > the container client belongs to and then decide what kind of policies apply > on the container. > Can you explain what the use case is? My a priori opinion is that this is a terrible idea. cgroups are a nasty interface, and letting knowledge of cgroups leak into the programs that live in the groups (as opposed to the cgroup manager) seems like a huge mistake to me. If you want to know where in the process hierarchy a message sender is, add *that* and figure out how to fix the races (it shouldn't be that hard). --Andy -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists