| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20121115153043.GA24131@dhcp22.suse.cz> Date: Thu, 15 Nov 2012 16:30:43 +0100 From: Michal Hocko <mhocko@...e.cz> To: Ulrich Windl <Ulrich.Windl@...uni-regensburg.de> Cc: linux-kernel@...r.kernel.org Subject: Re: Q: using cgroups in real life On Wed 14-11-12 14:54:30, Ulrich Windl wrote: > Hi! > > I have a question on cgroups (as of Linux 3.0): > The concept is to mount a filesystem, and configure cgroups through > it. This implies that all the files belong to root (or maybe some > other fixed user). Have a look at libcgroup package - cgconfig in particular. > AFAIK, you can chmod() and chown() files, but these bits are only kept > in the i-node cache, so they may change at any time. Not true they will live with the files > I think this is bad, because if you want to allow users to limit > (maybe memory usage) by using some predefined cgroup, the user > needs at least partial write access to that cgroup (to add the > PID). Probably this also means the user could add any PID (even those > processes not owned by him). man cgconfig.conf [...] I would suggest asking this kind of questions at libcgroup libcg-devel@...ts.sourceforge.net mailing list as it is more focused on the cgroups usage. -- Michal Hocko SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists