| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1274343043.23393.7.camel@lsx.localdomain> Date: Thu, 20 May 2010 10:10:43 +0200 From: Thomas Graf <tgraf@...hat.com> To: Herbert Xu <herbert@...dor.hengli.com.au> Cc: Eric Dumazet <eric.dumazet@...il.com>, David Miller <davem@...emloft.net>, bmb@...enacr.com, nhorman@...driver.com, nhorman@...hat.com, netdev@...r.kernel.org Subject: Re: tun: Use netif_receive_skb instead of netif_rx On Thu, 2010-05-20 at 16:52 +1000, Herbert Xu wrote: > The value is set at socket creation time. So all sockets created > via socket(2) automatically gains the ID of the thread creating it. > Whenever another process touches the socket by either reading or > writing to it, we will change the socket classid to that of the > process if it has a valid (non-zero) classid. There is a fundamental problem with this. The process needs to be associated with the cgroup before any sockets get created. Sockets are often created right after the application starts. This means that the only viable option is to start each application in a wrapper which assigns itself to the cgroup and then forks the application as its child. If a task is associated with a cgroup after it has started it may lead to unpredictable outcome because only some of the sockets may end up being classified. This was the actual reason for the old method. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists