| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Mar 2015 12:08:14 -0800 (PST) From: David Lang <david@...g.hm> To: Luke Kenneth Casson Leighton <lkcl@...l.net> cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: cgroup: status-quo and userland efforts On Wed, 4 Mar 2015, Luke Kenneth Casson Leighton wrote: > >> and why he concludes that having a single hierarchy for all resource types. correcting to add "is not always a good idea" > > i think.... having a single hierarchy is fine *if* and only if it is > possible to overlay something similar to SE/Linux policy files - > enforced by the kernel *not* by userspace (sorry serge!) - such that > through those policy files any type of hierarchy be it single or multi > layer, recursive or in fact absolutely anything, may be emulated and > properly enforced. The fundamental problem is that sometimes you have types of controls that are orthoginal to each other, and you either manage the two types of things in separate hierarchies, or you end up with one hierarchy that is a permutation of all the combinations of what would have been separate hierarchies. David Lang -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists