| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrX=UOZSMb93sPpC+K6iYMkCuoYve=_m3Ho9WPTp3Qhj7w@mail.gmail.com> Date: Fri, 10 Jan 2014 10:56:29 -0800 From: Andy Lutomirski <luto@...capital.net> To: Victor Porton <porton@...od.ru> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [RFC] subreaper mode 2 (Re: A feature suggestion for sandboxing processes) On Fri, Jan 10, 2014 at 7:00 AM, Victor Porton <porton@...od.ru> wrote: > I don't quite understand your subreaper mode 2, but for me it looks like that this would break compatibility (sandboxed applications ideally should not be written in any special way, any application which does not open new files (or does similar things) should work in sandbox just like as if there would be no sandbox). I'm suggesting that *sandbox*, not the application in the sandbox, use subreaper mode 2 (or whatever the new mechanism). The sandboxed app should case, except insofar as as the sandbox can't double-fork to create long-lived subprocesses. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists