| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Aug 2012 17:02:34 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Lennart Poettering <lpoetter@...hat.com> Cc: Tejun Heo <tj@...nel.org>, aris@...hat.com, linux-kernel@...r.kernel.org, cgroups@...r.kernel.org, Li Zefan <lizefan@...wei.com>, Hugh Dickins <hughd@...gle.com>, Hillf Danton <dhillf@...il.com> Subject: Re: [PATCH v6 3/4] cgroup: add xattr support Lennart Poettering <lpoetter@...hat.com> writes: > Heya, > > (sorry for the late reply) > > On 16.08.2012 22:00, Tejun Heo wrote: >> On Thu, Aug 16, 2012 at 01:44:56PM -0400, aris@...hat.com wrote: > >>>> Attaching meta information to services, in an easily discoverable >>>> way. For example, in systemd we create one cgroup for each service, and >>>> could then store data like the main pid of the specific service as an >>>> xattr on the cgroup itself. That way we'd have almost all service state >>>> in the cgroupfs, which would make it possible to terminate systemd and >>>> later restart it without losing any state information. But there's more: >>>> for example, some very peculiar services cannot be terminated on >>>> shutdown (i.e. fakeraid DM stuff) and it would be really nice if the >>>> services in question could just mark that on their cgroup, by setting an >>>> xattr. On the more desktopy side of things there are other >>>> possibilities: for example there are plans defining what an application >>>> is along the lines of a cgroup (i.e. an app being a collection of >>>> processes). With xattrs one could then attach an icon or human readable >>>> program name on the cgroup. >>>> >>>> The key idea is that this would allow attaching runtime meta information >>>> to cgroups and everything they model (services, apps, vms), that doesn't >>>> need any complex userspace infrastructure, has good access control >>>> (i.e. because the file system enforces that anyway, and there's the >>>> "trusted." xattr namespace), notifications (inotify), and can easily be >>>> shared among applications. > >> >> I'm not against this but unsure whether using kmem is enough for the >> suggested use case. Lennart, would this suit systemd? How much >> metadata are we talking about? > > Just small things, like values, PIDs, i.e. a few 100 bytes or so per cgroup > should be more than sufficient for our needs. I have a really silly question. Why is storing these things in xattrs in a cgroup better than simply implementing a file in a cgroup? It is most definitely going to be a real pain to discover as unix tools do not support xattrs well. Furthermore I am having nasty visiions that storing pids is going to start breaking cgroups the way storing pids already breaks futexes. Which pid namespace is that pid relative to? Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists