| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 May 2010 19:42:20 +0200 From: Dhaval Giani <dhaval.giani@...il.com> To: James Kosin <jkosin@...comgrp.com> Cc: Jan Safranek <jsafrane@...hat.com>, Peter Zijlstra <peterz@...radead.org>, linux-kernel@...r.kernel.org, menage@...gle.com, balbir@...ux.vnet.ibm.com, lennart@...ttering.net, tglx@...utronix.de Subject: Re: [PATCH/RFC] Have sane default values for cpusets On Wed, May 12, 2010 at 7:38 PM, James Kosin <jkosin@...comgrp.com> wrote: > On 5/12/2010 10:40 AM, Jan Safranek wrote: > > On 05/12/2010 04:20 PM, Peter Zijlstra wrote: > > On Wed, 2010-05-12 at 16:13 +0200, Dhaval Giani wrote: > > What you are saying is that an application > programmer who wants to just use memory cgroups should also care about > cpusets and just about countless other cgroup subsystems that can > exist. > > That's exactly what he says if he mounts them together. > > No, the programmer does not mount anything. Programmer writes application > which wants to create a subgroup. System admin is the one who decides what > is mounted how. And the programmer (=me) needs a way how to reliably create > a subgroup, without knowing details about all controllers. E.g. 'blkio' > controller is quite new one, old applications do now know anything about it, > yet according to your idea, the application *must* provide sane defaults to > it. > > Jan > > > Jan, > > I think sane defaults should be enforced only if the application actively > uses the device. Your right in that you don't want to have to guess as to > which devices are mounted as long as you don't touch the devices that aren't > mounted everything should be okay and work for the specific device or mount > you are working with (which by the way you need to know!!!).... > I seem to get the impression that there is a miscommunication here. We are talking about the cgroups feature here (more details are available at http://www.mjmwired.net/kernel/Documentation/cgroups.txt ). We really are not talking about devices, but about specific cgroup subsystems which can be mounted together, and are not under the control of the programmer. > PS: Providing a set of defaults on creation may lead to a security > problem... just an afterthought. > Which is why you have *sane* defaults. Dhaval -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists