Date:	Sat, 17 Dec 2011 14:30:55 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Stanislav Kinsbursky <skinsbursky@...allels.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	"mingo\@elte.hu" <mingo@...e.hu>,
	"a.p.zijlstra\@chello.nl" <a.p.zijlstra@...llo.nl>,
	Pavel Emelianov <xemul@...allels.com>,
	"drosenberg\@vsecurity.com" <drosenberg@...curity.com>,
	"linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
	"eparis\@redhat.com" <eparis@...hat.com>,
	"bfields\@fieldses.org" <bfields@...ldses.org>,
	James Bottomley <jbottomley@...allels.com>,
	"devel\@openvz.org" <devel@...nvz.org>
Subject: Re: [PATCH 1/2] SYSCTL: root unregister routine introduced

Stanislav Kinsbursky <skinsbursky@...allels.com> writes:

> 13.12.2011 02:52, Andrew Morton writes:
>> On Mon, 12 Dec 2011 21:50:00 +0300
>> Stanislav Kinsbursky<skinsbursky@...allels.com>  wrote:
>>
>>> This routine is required for SUNRPC sysctl's, which are going to be allocated,
>>> processed and destroyed per network namespace context.
>>> IOW, new sysctl root will be registered on network namespace creation and
>>> thus have to be unregistered before network namespace destruction.
>>>
>>
>> It's a bit suspicious that such a mature subsystem as sysctl newly
>> needs its internals exported like this.  Either a) the net namespaces
>> work is doing something which hasn't been done before or b) it is doing
>> something wrong.
>>
>> So, please explain further so we can confirm that it is a) and not b).
>>
>
> Hello, Andrew.
> The goal is to provide the ability to control and modify data by sysctls in
> network namespace context. This is done by "net" sysctls.
> But there are two more issues to solve:
> 1) Sysctls have to be in /proc/sys/sunrpc

The sysctl root has nothing to do with what directory the files show up in,
so this should not be an issue.

> 2) Sysctls' content should be accessible from the creator's network context (not
> the current user's one).

Making the sunrpc sysctls per network namespace would seem to address
this. I don't see why you would need a new root to handle this case.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
