| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201112041558.pB4Fw1tn002287@xs8.xs4all.nl> Date: Sun, 4 Dec 2011 16:58:01 +0100 From: "Miquel van Smoorenburg" <mikevs@...all.net> To: daniel.lezcano@...e.fr Cc: linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/1][v2] Add reboot_pid_ns to handle the reboot syscall In article <xs4all.1322956280-13831-2-git-send-email-daniel.lezcano@...e.fr> you write: >This patch propose to store the reboot value in the 16 upper bits of the >exit code from the processes belonging to a pid namespace which has >rebooted. When the reboot syscall is called and we are not in the initial >pid namespace, we kill the pid namespace. Should there be a way to find out if the reboot systemcall is containerized or not (other than comparing kernel versions once this is mainlined) ? For example, a tool like lxc-start might want to disable CAP_SYS_REBOOT if the reboot system call is not containerized. Perhaps a LINUX_REBOOT_CMD_ISCONTAINER (or ISVIRTUAL, whatever, bikeshed away) should be added that simply returns 0 if sys_reboot is containerized. It would return -EINVAL as it does today if it's not. Thoughts ? Mike. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists