lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20160812.215000.1068569281494216770.davem@davemloft.net>
Date:	Fri, 12 Aug 2016 21:50:00 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	sargun@...gun.me
Cc:	netdev@...r.kernel.org, alexei.starovoitov@...il.com,
	daniel@...earbox.net, tj@...nel.org
Subject: Re: [PATCH net-next v5 0/3] Add test_current_task_under_cgroup bpf
 helper and test

From: Sargun Dhillon <sargun@...gun.me>
Date: Fri, 12 Aug 2016 08:54:35 -0700

> This patchset includes a helper and an example to determine whether the probe is
> currently executing in the context of a specific cgroup based on a cgroup bpf
> map / array. The helper checks the cgroupsv2 hierarchy based on the handle in
> the map and if the current cgroup is equal to it, or a descendant of it. The
> helper was tested with the example program, and it was verified that the correct
> behaviour occurs in the interrupt context.
> 
> In an earlier version of this patchset I had added an "opensnoop"-like tool, and
> I realized I was basically reimplementing a lot of the code that already exists
> in the bcc repo. So, instead I decided to write a test that creates a new mount
> namespace, mounts up the cgroupv2 hierarchy, and does some basic tests.  I used
> the sync syscall as a canary for these tests because it's a simple, 0-arg
> syscall. Once this patch is accepted, adding support to opensnoop will be easy.
> 
> I also added a task_under_cgroup_hierarchy function in cgroups.h, as this
> pattern is used in a couple places. Converting those can be done in a later
> patchset.
> 
> Thanks to Alexei, Tejun, and Daniel for providing review.
> 
> v1->v2: Clean up
> v2->v3: Move around ifdefs out of *.c files, add an "integration" test
> v3->v4: De-genercize arraymap fetching function;
> 	rename helper from in_cgroup to under_cgroup (makes much more sense)
> 	Split adding cgroups task_under_cgroup_hierarchy function
> v4->v5: Fix formatting

Series applied, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ