lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAJuCfpHvRuapSMa2KMdF4_-8fKdqtx_gYVKyw5dYT6XjfRrDfg@mail.gmail.com>
Date:   Thu, 30 Sep 2021 14:20:53 -0700
From:   Suren Baghdasaryan <surenb@...gle.com>
To:     Lee Jones <lee.jones@...aro.org>
Cc:     Tejun Heo <tj@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
        Zefan Li <lizefan.x@...edance.com>,
        Johannes Weiner <hannes@...xchg.org>,
        cgroups mailinglist <cgroups@...r.kernel.org>
Subject: Re: [PATCH 1/1] cgroup-v1: Grant CAP_SYS_NICE holders permission to
 move tasks between cgroups

On Thu, Jun 17, 2021 at 5:02 AM Lee Jones <lee.jones@...aro.org> wrote:
>
> Hi Tejun,
>
> Thanks for your reply.
>
> On Thu, 17 Jun 2021, Tejun Heo wrote:
> > On Thu, Jun 17, 2021 at 10:09:41AM +0100, Lee Jones wrote:
> > > It should be possible for processes with CAP_SYS_NICE capabilities
> > > (privileges) to move lower priority tasks within the same namespace to
> > > different cgroups.
> >
> > I'm not sure that "should" is justified that easily given that cgroup can
> > affect things like device access permissions and basic system organization.
>
> The latter part of that sentence does provide some additional caveats.
>
> > > One extremely common example of this is Android's 'system_server',
> > > which moves processes around to different cgroups/cpusets, but should
> > > not require any other root privileges.
> >
> > Why is this being brought up now after all the years?

Currently Android uses an out-of-tree patch to work around this issue.

>
> This has been discussed before?
>
> I didn't find any evidence of that on the lists.

IIRC, John Stultz from Linaro tried to upstream a similar patch before.

>
> > Isn't android moving onto cgroup2 anyway?
>
> That I would have to check.

Some of the controllers are moving to cgroup v2 but not all of them
are there yet. For example, there are still some issues with moving
the cpu controller to v2 which I believe were discussed during Android
Microconference at LPC 2021.

>
> --
> Lee Jones [李琼斯]
> Senior Technical Lead - Developer Services
> Linaro.org │ Open source software for Arm SoCs
> Follow Linaro: Facebook | Twitter | Blog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ