lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Jun 2016 16:46:14 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Topi Miettinen <toiwoton@...il.com> Cc: linux-kernel@...r.kernel.org, luto@...nel.org, serge@...lyn.com, keescook@...omium.org, Jonathan Corbet <corbet@....net>, Tejun Heo <tj@...nel.org>, Li Zefan <lizefan@...wei.com>, Johannes Weiner <hannes@...xchg.org>, Serge Hallyn <serge.hallyn@...onical.com>, James Morris <james.l.morris@...cle.com>, David Howells <dhowells@...hat.com>, David Woodhouse <David.Woodhouse@...el.com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Petr Mladek <pmladek@...e.com>, linux-doc@...r.kernel.org (open list:DOCUMENTATION), cgroups@...r.kernel.org (open list:CONTROL GROUP (CGROUP)), linux-security-module@...r.kernel.org (open list:CAPABILITIES) Subject: Re: [PATCH] capabilities: add capability cgroup controller On Thu, 23 Jun 2016 18:07:10 +0300 Topi Miettinen <toiwoton@...il.com> wrote: > There are many basic ways to control processes, including capabilities, > cgroups and resource limits. However, there are far fewer ways to find > out useful values for the limits, except blind trial and error. > > Currently, there is no way to know which capabilities are actually used. > Even the source code is only implicit, in-depth knowledge of each > capability must be used when analyzing a program to judge which > capabilities the program will exercise. > > Add a new cgroup controller for monitoring of capabilities > in the cgroup. I'm having trouble understanding how valuable this feature is to our users, and that's a rather important thing! Perhaps it would help if you were to explain your motivation: particular use cases which benefited from this, for example.
Powered by blists - more mailing lists