| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Feb 2009 01:32:17 +0100 From: Ingo Molnar <mingo@...e.hu> To: Dave Hansen <dave@...ux.vnet.ibm.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-api@...r.kernel.org, containers@...ts.linux-foundation.org, hpa@...or.com, linux-kernel@...r.kernel.org, linux-mm@...ck.org, viro@...iv.linux.org.uk, mpm@...enic.com, tglx@...utronix.de, torvalds@...ux-foundation.org, xemul@...nvz.org, Nathan Lynch <nathanl@...tin.ibm.com> Subject: Re: What can OpenVZ do? * Dave Hansen <dave@...ux.vnet.ibm.com> wrote: > On Tue, 2009-02-17 at 23:23 +0100, Ingo Molnar wrote: > > * Dave Hansen <dave@...ux.vnet.ibm.com> wrote: > > > On Fri, 2009-02-13 at 11:53 +0100, Ingo Molnar wrote: > > > > In any case, by designing checkpointing to reuse the existing LSM > > > > callbacks, we'd hit multiple birds with the same stone. (One of > > > > which is the constant complaints about the runtime costs of the LSM > > > > callbacks - with checkpointing we get an independent, non-security > > > > user of the facility which is a nice touch.) > > > > > > There's a fundamental problem with using LSM that I'm seeing > > > now that I look at using it for file descriptors. The LSM > > > hooks are there to say, "No, you can't do this" and abort > > > whatever kernel operation was going on. That's good for > > > detecting when we do something that's "bad" for checkpointing. > > > > > > *But* it completely falls on its face when we want to find out > > > when we are doing things that are *good*. For instance, let's > > > say that we open a network socket. The LSM hook sees it and > > > marks us as uncheckpointable. What about when we close it? > > > We've become checkpointable again. But, there's no LSM hook > > > for the close side because we don't currently have a need for > > > it. > > > > Uncheckpointable should be a one-way flag anyway. We want this > > to become usable, so uncheckpointable functionality should be as > > painful as possible, to make sure it's getting fixed ... > > Again, as these patches stand, we don't support checkpointing > when non-simple files are opened. Basically, if a > open()/lseek() pair won't get you back where you were, we > don't deal with them. > > init does non-checkpointable things. If the flag is a one-way > trip, we'll never be able to checkpoint because we'll always > inherit init's ! checkpointable flag. > > To fix this, we could start working on making sure we can > checkpoint init, but that's practically worthless. i mean, it should be per process (per app) one-way flag of course. If the app does something unsupported, it gets non-checkpointable and that's it. Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists