| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161004194932.GI4205@htj.duckdns.org>
Date: Tue, 4 Oct 2016 15:49:32 -0400
From: Tejun Heo <tj@...nel.org>
To: John Stultz <john.stultz@...aro.org>
Cc: lkml <linux-kernel@...r.kernel.org>, Li Zefan <lizefan@...wei.com>,
Jonathan Corbet <corbet@....net>, cgroups@...r.kernel.org,
Android Kernel Team <kernel-team@...roid.com>,
Rom Lemarchand <romlem@...roid.com>,
Colin Cross <ccross@...roid.com>,
Dmitry Shmidt <dimitrysh@...gle.com>,
Todd Kjos <tkjos@...gle.com>,
Christian Poetzsch <christian.potzsch@...tec.com>,
Amit Pundir <amit.pundir@...aro.org>,
Serge Hallyn <serge.hallyn@...onical.com>
Subject: Re: [RFC][PATCH 0/2] Another pass at Android style loosening of
cgroup attach permissions
Hello,
On Tue, Oct 04, 2016 at 12:46:24PM -0700, John Stultz wrote:
> Ok. I'll respin this introducing and using a new CAP value.
>
> That said, while CAP_SYS_NICE seems a bit overloaded here, it doesn't
> conceptually have that much friction for use with cpuset and cpuctrl
> cgroups:
We need to solve it for userns too and I wanna avoid pushing
permission logic into specific controllers. The logical extensions of
that would be protecting control interface files by different CAPs
too. It might work for some knobs and then there will all but
certainly unclear corner cases and so on. Let's please not go there.
Thanks.
--
tejun
Powered by blists - more mailing lists