lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <87wp6nerrj.fsf@stressinduktion.org>
Date:   Tue, 01 Aug 2017 02:17:20 -0400
From:   Hannes Frederic Sowa <hannes@...essinduktion.org>
To:     Eric Dumazet <eric.dumazet@...il.com>
Cc:     Matteo Croce <mcroce@...hat.com>, netdev@...r.kernel.org
Subject: Re: [RFC] net: make net.core.{r,w}mem_{default,max} namespaced

Eric Dumazet <eric.dumazet@...il.com> writes:

> On Wed, 2017-07-26 at 19:03 +0200, Matteo Croce wrote:
>> The following sysctls are global and can't be read or set from a netns:
>> 
>> net.core.rmem_default
>> net.core.rmem_max
>> net.core.wmem_default
>> net.core.wmem_max
>> 
>> Make the following sysctl parameters available from within a network
>> namespace, allowing unique values to be set per network namespace.
>> 
>> My concern is about the initial value of these sysctls in the newly
>> created netns: I'm not sure if it is better to copy them from the init
>> namespace or set them to the default values.
>> 
>> Setting them to the default value has the advantage that a new namespace
>> behaves like a freshly booted system, while copying them from the init
>> netns has the advantage of keeping the current behaviour as the values
>> from the init netns are used.
>> 
>> Signed-off-by: Matteo Croce <mcroce@...hat.com>
>> ---
>
> It looks that these sysctls were giving some kind of isolation.
>
> If we make them per namespace, a malicious usage could eat all memory
> and hurt other namespaces.

We do account rmem as well as wmem allocated memory to the appropriate
mem_cgs. In theory this should be okay.

Bye,
Hannes
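
The two questions raised in this thread, whether net.core.{r,w}mem_{default,max} are visible inside a fresh network namespace and whether socket buffer memory is charged to the memory cgroup, can both be checked on a running kernel. The script below is an added example for that purpose; it is not part of the thread or of the RFC patch. It assumes util-linux `unshare` for the namespace check and a cgroup v2 unified hierarchy mounted at /sys/fs/cgroup, where memory.stat carries a `sock` line with the bytes of socket buffer memory charged to the group. The helper functions take an optional proc root so that they can be exercised against a constructed directory tree without privileges; the live comparison (`--live`) needs CAP_SYS_ADMIN.

```shell
#!/bin/sh
# Added example (not from the thread or the patch): check whether the
# net.core.{r,w}mem_{default,max} sysctls are visible inside a fresh netns and
# whether socket memory is accounted to the memory cgroup (cgroup v2 "sock").

SYSCTLS="rmem_default rmem_max wmem_default wmem_max"

# Read one net.core sysctl from a proc tree.
# $1 = sysctl name, $2 = proc root (default /proc; a fake tree works for tests)
read_core_sysctl() {
    root=${2:-/proc}
    cat "$root/sys/net/core/$1" 2>/dev/null
}

# Extract the "sock" counter (bytes of socket buffer memory charged to the
# cgroup) from cgroup v2 memory.stat text on stdin; prints 0 if absent.
sock_bytes_from_memstat() {
    awk '$1 == "sock" { found = 1; print $2 } END { if (!found) print 0 }'
}

# Report socket memory currently charged to the caller's own cgroup v2 memory
# controller; prints "n/a" if the unified hierarchy is not available.
# $1 = cgroup mount point (default /sys/fs/cgroup), $2 = proc root (default /proc)
own_cgroup_sock_bytes() {
    cgroot=${1:-/sys/fs/cgroup}
    proc=${2:-/proc}
    # cgroup v2 entries in /proc/self/cgroup look like "0::/path/to/group"
    cg=$(awk -F: '$1 == "0" { print $3 }' "$proc/self/cgroup" 2>/dev/null)
    f="$cgroot$cg/memory.stat"
    if [ -r "$f" ]; then
        sock_bytes_from_memstat < "$f"
    else
        echo n/a
    fi
}

# Compare every net.core sysctl in the init netns against a freshly created
# one. "unreadable" means the knob is not exposed in the new namespace at all.
# Requires CAP_SYS_ADMIN for unshare -n.
compare_in_new_netns() {
    for s in $SYSCTLS; do
        init_val=$(read_core_sysctl "$s")
        ns_val=$(unshare -n sh -c "cat /proc/sys/net/core/$s" 2>/dev/null \
                 || echo unreadable)
        printf '%-13s init=%s newns=%s\n' "$s" "$init_val" "$ns_val"
    done
}

# Run the live checks only when explicitly asked, so the file can be sourced
# (or tested against a fake tree) without privileges.
if [ "${1:-}" = "--live" ]; then
    compare_in_new_netns
    printf 'socket bytes charged to this cgroup: %s\n' "$(own_cgroup_sock_bytes)"
fi
```

Run it as `sh check_netns_sysctls.sh --live` as root: a line reading `newns=unreadable` means the sysctl is still global on that kernel, and a non-zero `sock` value confirms that socket buffers are being charged to the cgroup, which is the accounting Hannes refers to.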
