[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140416162149.GI1257@htj.dyndns.org>
Date: Wed, 16 Apr 2014 12:21:49 -0400
From: Tejun Heo <tj@...nel.org>
To: Simo Sorce <ssorce@...hat.com>
Cc: Andy Lutomirski <luto@...capital.net>,
David Miller <davem@...emloft.net>,
Vivek Goyal <vgoyal@...hat.com>,
Daniel Walsh <dwalsh@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
lpoetter@...hat.com, cgroups@...r.kernel.org, kay@...hat.com,
Network Development <netdev@...r.kernel.org>
Subject: Re: [PATCH 2/2] net: Implement SO_PASSCGROUP to enable passing
cgroup path
Hello,
On Wed, Apr 16, 2014 at 12:13:57PM -0400, Simo Sorce wrote:
> The only one that *may* be reasonable is the "secret" cgroup name one,
> however nobody seem to come up with a reason why it is legitimate to
> allow to keep cgroup names secret.
Ugh, please don't play security games with cgroup names. It is one of
the identifying properties of a task, like a pid, and will be used in
other parts of the kernel to match groups of tasks. If we play
security peekaboo with cgroup names, it has to be transitive and puts
burdens on all its future uses. Unless there are *REALLY* strong
rationales, which can also justify hiding pids, this isn't happening.
Thanks.
--
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists