| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50340110.50607@redhat.com> Date: Tue, 21 Aug 2012 23:43:44 +0200 From: Lennart Poettering <lpoetter@...hat.com> To: Tejun Heo <tj@...nel.org> CC: aris@...hat.com, linux-kernel@...r.kernel.org, cgroups@...r.kernel.org, Li Zefan <lizefan@...wei.com>, Hugh Dickins <hughd@...gle.com>, Hillf Danton <dhillf@...il.com> Subject: Re: [PATCH v6 3/4] cgroup: add xattr support Heya, (sorry for the late reply) On 16.08.2012 22:00, Tejun Heo wrote: > On Thu, Aug 16, 2012 at 01:44:56PM -0400, aris@...hat.com wrote: >>> Attaching meta information to services, in an easily discoverable >>> way. For example, in systemd we create one cgroup for each service, and >>> could then store data like the main pid of the specific service as an >>> xattr on the cgroup itself. That way we'd have almost all service state >>> in the cgroupfs, which would make it possible to terminate systemd and >>> later restart it without losing any state information. But there's more: >>> for example, some very peculiar services cannot be terminated on >>> shutdown (i.e. fakeraid DM stuff) and it would be really nice if the >>> services in question could just mark that on their cgroup, by setting an >>> xattr. On the more desktopy side of things there are other >>> possibilities: for example there are plans defining what an application >>> is along the lines of a cgroup (i.e. an app being a collection of >>> processes). With xattrs one could then attach an icon or human readable >>> program name on the cgroup. >>> >>> The key idea is that this would allow attaching runtime meta information >>> to cgroups and everything they model (services, apps, vms), that doesn't >>> need any complex userspace infrastructure, has good access control >>> (i.e. because the file system enforces that anyway, and there's the >>> "trusted." xattr namespace), notifications (inotify), and can easily be >>> shared among applications. > > I'm not against this but unsure whether using kmem is enough for the > suggested use case. Lennart, would this suit systemd? How much > metadata are we talking about? Just small things, like values, PIDs, i.e. a few 100 bytes or so per cgroup should be more than sufficient for our needs. Lennart -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists