On 8/13/2012 10:01 AM, Al Viro wrote:
On Mon, Aug 13, 2012 at 09:58:12AM -0700, John Fastabend wrote:
[...]

HOWEVER, it still doesn't address more fundamental problem - somebody
creating a socket and passing it to you in SCM_RIGHTS datagram will
leave you with a socket you can do IO on, still tagged according to who
had created it.

AFAICS, the whole point of that exercise was to allow third-party changing
the priorities of traffic on sockets already created by a process we now
move to a different cgroup.  Consider e.g. this:

Correct, that is the point of the exercise.

To fix this specific case we could add a call to sock_update_netprioidx
in scm_recv to set the sk_cgrp_prioidx value.

On every received descriptor, that is?  Eeek...


We are already iterating through the files in scm_detach_fds called from
scm_recv(). This would be an extra (file->f_op == &socket_file_ops)
check here and then the sock update.
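An added userspace illustration of the case discussed above (not code from the thread or the kernel): one process creates a socket and hands it over in an SCM_RIGHTS message, and the receiver ends up with per-socket state it never set. SO_PRIORITY stands in for the kernel-internal sk_cgrp_prioidx tag, S_ISSOCK is the userspace analogue of the proposed `file->f_op == &socket_file_ops` check, and the names `send_fd`, `recv_fd` and `received_priority` are hypothetical.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

typedef union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } ctlbuf;
/* Send one descriptor as SCM_RIGHTS ancillary data over a UNIX socket. */
static int send_fd(int chan, int fd) {
    char byte = 'x'; ctlbuf u; memset(&u, 0, sizeof u);
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the new fd, or -1 if none arrived. */
static int recv_fd(int chan) {
    char byte; int fd = -1; ctlbuf u; struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &msg, 0) <= 0) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Returns SO_PRIORITY seen by the receiver, -1 if fd is not a socket, -2 on error. */
int received_priority(int pass_socket) {
    int sp[2], p[2], fd, prio = 4, got = -1; socklen_t len = sizeof got; struct stat st;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -2;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {   /* creator: makes a UDP socket (or a pipe end) and tags it */
        fd = pass_socket ? socket(AF_INET, SOCK_DGRAM, 0) : (pipe(p) ? -1 : p[0]);
        if (pass_socket) setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &prio, sizeof prio);
        _exit(send_fd(sp[0], fd) != 0);
    }
    close(sp[0]); fd = recv_fd(sp[1]);   /* receiver never called socket() */
    close(sp[1]); waitpid(pid, NULL, 0);
    if (fd < 0 || fstat(fd, &st) < 0) return -2;
    if (S_ISSOCK(st.st_mode)) getsockopt(fd, SOL_SOCKET, SO_PRIORITY, &got, &len);
    close(fd); return got;   /* 4 here means the creator's setting came along */
}
```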