lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 2 Jul 2009 08:26:59 -0500
From:	"Serge E. Hallyn" <serue@...ibm.com>
To:	Li Zefan <lizf@...fujitsu.com>
Cc:	Paul Menage <menage@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Linux Containers <containers@...ts.linux-foundation.org>
Subject: Re: [PATCH][BUGFIX] cgroups: fix pid namespace bug

Quoting Li Zefan (lizf@...fujitsu.com):
> Paul Menage wrote:
> > On Wed, Jul 1, 2009 at 7:17 PM, Li Zefan<lizf@...fujitsu.com> wrote:
> >> But I guess we are going to fix the bug for 2.6.31? So is it ok to
> >> merge a new feature 'cgroup.procs' together into 2.6.31?
> >>
> > 
> > Does this bug really need to be fixed for 2.6.31? I didn't think that
> > the namespace support in mainline was robust enough yet for people to
> > use them for virtual servers in production environments.

I don't know where the bar is for 'production environments', but I'd
have to claim that pid namespaces are there...

> If so, it's ok for me. Unless someone else has objections. Serge?

Well, on the one hand it's not a horrible bug in that at least it
won't crash the kernel.  But what bugs me is that there is no
workaround for userspace, no way for an admin to know that if he
does for t in `cat /cgroup/victim/tasks`; do kill $t; done he
won't kill his mysql server.

I think that's a bad enough risk to make it worth trying to push
Li's patch.  Surely changing Ben's procs file should be pretty
trivial to rebase?

thanks,
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ