lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1237635409.4667.186.camel@laptop>
Date:	Sat, 21 Mar 2009 12:36:49 +0100
From:	Peter Zijlstra <peterz@...radead.org>
To:	"Serge E. Hallyn" <serge@...lyn.com>
Cc:	"Serge E. Hallyn" <serue@...ibm.com>,
	Linux Containers <containers@...ts.osdl.org>, mingo@...e.hu,
	Bharata B Rao <bharata@...ux.vnet.ibm.com>,
	lkml <linux-kernel@...r.kernel.org>,
	Dhaval Giani <dhaval@...ux.vnet.ibm.com>
Subject: Re: [PATCH 1/1] introduce user_ns inheritance in user-sched

On Fri, 2009-03-20 at 21:46 -0500, Serge E. Hallyn wrote:
> Quoting Peter Zijlstra (peterz@...radead.org):
> > On Thu, 2009-03-19 at 16:16 -0500, Serge E. Hallyn wrote:
> > > In a kernel compiled with CONFIG_USER_SCHED=y, cpu shares are
> > > allocated according to uid.  Shares are specifiable under
> > > /sys/kernel/uids/<uid>/
> > > 
> > > In a kernel compiled with CONFIG_USER_NS=y, clone(2) with the
> > > CLONE_NEWUSER flag creates a new user namespace, and the newly
> > > cloned task will belong to uid 0 in the new user namespace.
> > 
> > We seem to be adding more and more stuff for USER_SCHED, is anybody
> > actually using that cruft?
> > 
> > How far along with cgroups are we to fully simulate that behaviour?
> > 
> > I think if we have a capable cgroup based replacement for USER_SCHED we
> > should axe it from the kernel, would save lots of code...
> 
> I didn't realize that was the plan.  Using PAM to move users
> around cgroups? 

Right, thing is, distro's will all want cgroup enabled, since that's the
latest fad :-), so this user sched thing will only be for people who
build their own kernels -- but I suspect most of those simply disable
all this group scheduling.

>  If so, then yeah that would simplify quite a bit
> of code.   Won't catch all setuid()s of course 

Right, so if we could somehow get a setuid notification hooked into
cgroups,.. not sure that would be worth the trouble though.

> - I don't know who uses USER_SCHED and if that would matter.

Right, me neither... I would just love to be able to cut all that code
out :-)


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ