> On May 14, 2018, at 5:01 AM, Florian Weimer <fwei...@redhat.com> wrote: > >> One thing we could do, though: the current initual state on process >> creation is all access blocked on all keys. We could change it so that >> half the keys are fully blocked and half are read-only. Then we could add >> a PKEY_ALLOC_STRICT or similar that allocates a key with the correct >> initial state*and* does the setsignal thing. If there are no keys left >> with the correct initial state, then it fails. > > The initial PKRU value can currently be configured by the system > administrator. I fear this approach has too many moving parts to be viable. > > Honestly, I think we should drop that option. I don’t see how we can expect an administrator to do this usefully.
- Re: [PATCH] pkeys: Introduce PKEY_ALLOC_SIGNALINHERIT and ... Ram Pai
- Re: [PATCH] pkeys: Introduce PKEY_ALLOC_SIGNALINHERIT... Florian Weimer
- Re: [PATCH] pkeys: Introduce PKEY_ALLOC_SIGNALINHERIT... Andy Lutomirski
- Re: [PATCH] pkeys: Introduce PKEY_ALLOC_SIGNALINH... Florian Weimer
- Re: [PATCH] pkeys: Introduce PKEY_ALLOC_SIGNA... Andy Lutomirski
- Re: [PATCH] pkeys: Introduce PKEY_ALLOC_S... Florian Weimer
- Re: [PATCH] pkeys: Introduce PKEY_AL... Andy Lutomirski
- Re: [PATCH] pkeys: Introduce PKE... Florian Weimer
- Re: [PATCH] pkeys: Introduce... Dave Hansen
- Re: [PATCH] pkeys: Introduce PKEY_AL... Ram Pai
- Re: [PATCH] pkeys: Introduce PKE... Andy Lutomirski
- Re: [PATCH] pkeys: Introduce PKEY_ALLOC_SIGNA... Ram Pai
- Re: [PATCH] pkeys: Introduce PKEY_ALLOC_S... Andy Lutomirski
- Re: [PATCH] pkeys: Introduce PKEY_AL... Ram Pai
- Re: [PATCH] pkeys: Introduce PKE... Florian Weimer
- Re: [PATCH] pkeys: Introduce PKEY_ALLOC_S... Florian Weimer
