lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 19 Jan 2016 08:03:21 -0800
From:	Stephen Hemminger <stephen@...workplumber.org>
To:	Tejun Heo <tj@...nel.org>
Cc:	David Ahern <dsa@...ulusnetworks.com>, netdev@...r.kernel.org,
	cgroups@...r.kernel.org, shm@...ulusnetworks.com,
	roopa@...ulusnetworks.com
Subject: Re: [RFC PATCH net-next] net: Add l3mdev cgroup

On Mon, 4 Jan 2016 15:05:18 -0500
Tejun Heo <tj@...nel.org> wrote:

> Hello,
> 
> On Mon, Jan 04, 2016 at 12:59:15PM -0700, David Ahern wrote:
> > cgroups have very nice properties that I want to leverage such as
> > parent-child inheritance and easy tracking which subsystem instance a task
> > belongs. This provides a great kernel foundation for building easy to use
> > management tools.
> > 
> > The documentation for cgroups does not restrict a controller to physical
> > resources but rather "it may be anything that wants to act on a group of
> > processes." That is exactly what I am doing here - I have a network config
> > that is applied to a group of processes similar to net_cls and net_prio (but
> > as I stated before those are orthogonal, independent settings from the L3
> > domain).
> 
> Please read the new version of cgroup documentation.
> 
>   https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup.txt?h=for-4.5
> 
> cgroup has experienced a lot of problems doing its main job -
> hierarchical resource control - from trying to support random things
> which want to group threads.  As shown with xt_cgroup, such
> identifying usages can be implemented in a way where the subsystem
> matches the membership rather than cgroup taking in configurations
> which belong to the subsystem, so please investigate that direction.
> 
> Thanks.
> 

Policy like this belongs in userspace not kernel.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ