On 06/23/16 05:59, Kees Cook wrote:
> On Wed, Jun 22, 2016 at 5:01 PM, Serge E. Hallyn wrote:
>> Quoting Kees Cook (keesc...@chromium.org):
>>> On Wed, Jun 22, 2016 at 11:17 AM, Serge E. Hallyn wrote:
Quoting Topi Miettinen (toiwo...@gmail.com):
> On 06/22/16 17:14, Serge E. Hallyn wrote
On Wed, Jun 22, 2016 at 5:01 PM, Serge E. Hallyn wrote:
> Quoting Kees Cook (keesc...@chromium.org):
>> On Wed, Jun 22, 2016 at 11:17 AM, Serge E. Hallyn wrote:
>> > Quoting Topi Miettinen (toiwo...@gmail.com):
>> >> On 06/22/16 17:14, Serge E. Hallyn wrote:
>> >> > Quoting Topi Miettinen (toiwo.
Quoting Kees Cook (keesc...@chromium.org):
> On Wed, Jun 22, 2016 at 11:17 AM, Serge E. Hallyn wrote:
> > Quoting Topi Miettinen (toiwo...@gmail.com):
> >> On 06/22/16 17:14, Serge E. Hallyn wrote:
> >> > Quoting Topi Miettinen (toiwo...@gmail.com):
> >> >> On 06/21/16 15:45, Serge E. Hallyn wrote
On Wed, Jun 22, 2016 at 11:17 AM, Serge E. Hallyn wrote:
> Quoting Topi Miettinen (toiwo...@gmail.com):
>> On 06/22/16 17:14, Serge E. Hallyn wrote:
>> > Quoting Topi Miettinen (toiwo...@gmail.com):
>> >> On 06/21/16 15:45, Serge E. Hallyn wrote:
>> >>> Quoting Topi Miettinen (toiwo...@gmail.com):
Quoting Topi Miettinen (toiwo...@gmail.com):
> On 06/22/16 17:14, Serge E. Hallyn wrote:
> > Quoting Topi Miettinen (toiwo...@gmail.com):
> >> On 06/21/16 15:45, Serge E. Hallyn wrote:
> >>> Quoting Topi Miettinen (toiwo...@gmail.com):
> On 06/19/16 20:01, se...@hallyn.com wrote:
> > apolo
On 06/22/16 17:14, Serge E. Hallyn wrote:
> Quoting Topi Miettinen (toiwo...@gmail.com):
>> On 06/21/16 15:45, Serge E. Hallyn wrote:
>>> Quoting Topi Miettinen (toiwo...@gmail.com):
On 06/19/16 20:01, se...@hallyn.com wrote:
> apologies for top posting, this phone doesn't support inline)
Quoting Topi Miettinen (toiwo...@gmail.com):
> On 06/21/16 15:45, Serge E. Hallyn wrote:
> > Quoting Topi Miettinen (toiwo...@gmail.com):
> >> On 06/19/16 20:01, se...@hallyn.com wrote:
> >>> apologies for top posting, this phone doesn't support inline)
> >>>
> >>> Where are you preventing less pri
Quoting Topi Miettinen (toiwo...@gmail.com):
> On 06/21/16 15:45, Serge E. Hallyn wrote:
> > Quoting Topi Miettinen (toiwo...@gmail.com):
> >> On 06/19/16 20:01, se...@hallyn.com wrote:
> >>> apologies for top posting, this phone doesn't support inline)
> >>>
> >>> Where are you preventing less pri
On 06/21/16 15:45, Serge E. Hallyn wrote:
> Quoting Topi Miettinen (toiwo...@gmail.com):
>> On 06/19/16 20:01, se...@hallyn.com wrote:
>>> apologies for top posting, this phone doesn't support inline)
>>>
>>> Where are you preventing less privileged tasks from limiting the caps of a
>>> more privi
Quoting Topi Miettinen (toiwo...@gmail.com):
> On 06/19/16 20:01, se...@hallyn.com wrote:
> > apologies for top posting, this phone doesn't support inline)
> >
> > Where are you preventing less privileged tasks from limiting the caps of a
> > more privileged task? It looks like you are relying o
On 06/19/16 20:01, se...@hallyn.com wrote:
> apologies for top posting, this phone doesn't support inline)
>
> Where are you preventing less privileged tasks from limiting the caps of a
> more privileged task? It looks like you are relying on the cgroupfs for that?
I didn't think that aspect. S
apologies for top posting, this phone doesn't support inline)
Where are you preventing less privileged tasks from limiting the caps of a more
privileged task? It looks like you are relying on the cgroupfs for that?
Overall I'm not a fan of this for several reasons. Can you tell us precisely
w
Add a new cgroup controller for enforcement of and monitoring of
capabilities in the cgroup.
Test case (boot to rdshell);
BusyBox v1.22.1 (Debian 1:1.22.0-19) built-in shell (ash)
Enter 'help' for a list of built-in commands.
(initramfs) cd /sys/fs
(initramfs) mount -t cgroup2 cgroup cgroup
(init
13 matches