On 07/08/16 09:13, Petr Mladek wrote:
> On Thu 2016-07-07 20:27:13, Topi Miettinen wrote:
>> On 07/07/16 09:16, Petr Mladek wrote:
>>> On Sun 2016-07-03 15:08:07, Topi Miettinen wrote:
The attached patch would make any uses of capabilities generate audit
messages. It works for simple test
On 07/08/16 09:13, Petr Mladek wrote:
> On Thu 2016-07-07 20:27:13, Topi Miettinen wrote:
>> On 07/07/16 09:16, Petr Mladek wrote:
>>> On Sun 2016-07-03 15:08:07, Topi Miettinen wrote:
The attached patch would make any uses of capabilities generate audit
messages. It works for simple test
On Thu 2016-07-07 20:27:13, Topi Miettinen wrote:
> On 07/07/16 09:16, Petr Mladek wrote:
> > On Sun 2016-07-03 15:08:07, Topi Miettinen wrote:
> >> The attached patch would make any uses of capabilities generate audit
> >> messages. It works for simple tests as you can see from the commit
> >> mes
On 07/07/16 09:16, Petr Mladek wrote:
> On Sun 2016-07-03 15:08:07, Topi Miettinen wrote:
>> The attached patch would make any uses of capabilities generate audit
>> messages. It works for simple tests as you can see from the commit
>> message, but unfortunately the call to audit_cgroup_list() dead
On Sun 2016-07-03 15:08:07, Topi Miettinen wrote:
> The attached patch would make any uses of capabilities generate audit
> messages. It works for simple tests as you can see from the commit
> message, but unfortunately the call to audit_cgroup_list() deadlocks the
> system when booting a full blow
On 06/27/16 19:49, Serge E. Hallyn wrote:
> Quoting Tejun Heo (t...@kernel.org):
>> Hello,
>>
>> On Mon, Jun 27, 2016 at 3:10 PM, Topi Miettinen wrote:
>>> I'll have to study these more. But from what I saw so far, it looks to
>>> me that a separate tool would be needed to read taskstats and if th
On 06/28/16 04:57, Eric W. Biederman wrote:
> Topi Miettinen writes:
>
>> On 06/24/16 17:21, Eric W. Biederman wrote:
>>> "Serge E. Hallyn" writes:
>>>
Quoting Tejun Heo (t...@kernel.org):
> Hello,
>
> On Fri, Jun 24, 2016 at 10:59:16AM -0500, Serge E. Hallyn wrote:
>> Quoti
Topi Miettinen writes:
> On 06/24/16 17:21, Eric W. Biederman wrote:
>> "Serge E. Hallyn" writes:
>>
>>> Quoting Tejun Heo (t...@kernel.org):
Hello,
On Fri, Jun 24, 2016 at 10:59:16AM -0500, Serge E. Hallyn wrote:
> Quoting Tejun Heo (t...@kernel.org):
>> But isn't being
Quoting Tejun Heo (t...@kernel.org):
> Hello,
>
> On Mon, Jun 27, 2016 at 3:10 PM, Topi Miettinen wrote:
> > I'll have to study these more. But from what I saw so far, it looks to
> > me that a separate tool would be needed to read taskstats and if that
> > tool is not taken by distros, the users
Hello,
On Mon, Jun 27, 2016 at 3:10 PM, Topi Miettinen wrote:
> I'll have to study these more. But from what I saw so far, it looks to
> me that a separate tool would be needed to read taskstats and if that
> tool is not taken by distros, the users would not be any wiser, right?
> With cgroup (or
On 06/27/16 14:54, Serge E. Hallyn wrote:
> Quoting Tejun Heo (t...@kernel.org):
>> Hello, Topi.
>>
>> On Sun, Jun 26, 2016 at 3:14 PM, Topi Miettinen wrote:
>>> The parent might be able do it if proc/pid/xyz files are still
>>> accessible after child exit but before its exit status is collected.
Quoting Tejun Heo (t...@kernel.org):
> Hello, Topi.
>
> On Sun, Jun 26, 2016 at 3:14 PM, Topi Miettinen wrote:
> > The parent might be able do it if proc/pid/xyz files are still
> > accessible after child exit but before its exit status is collected. But
> > if the parent doesn't do it (and you a
Hello, Topi.
On Sun, Jun 26, 2016 at 3:14 PM, Topi Miettinen wrote:
> The parent might be able do it if proc/pid/xyz files are still
> accessible after child exit but before its exit status is collected. But
> if the parent doesn't do it (and you are not able to change it to do it)
> and it colle
On 06/24/16 17:24, Tejun Heo wrote:
> Hello, Serge.
>
> On Fri, Jun 24, 2016 at 11:59:10AM -0500, Serge E. Hallyn wrote:
>>> Just monitoring is less jarring than implementing security enforcement
>>> via cgroup, but it is still jarring. What's wrong with recursive
>>> process hierarchy monitoring
On 06/24/16 17:21, Eric W. Biederman wrote:
> "Serge E. Hallyn" writes:
>
>> Quoting Tejun Heo (t...@kernel.org):
>>> Hello,
>>>
>>> On Fri, Jun 24, 2016 at 10:59:16AM -0500, Serge E. Hallyn wrote:
Quoting Tejun Heo (t...@kernel.org):
> But isn't being recursive orthogonal to using cgrou
On Fri, Jun 24, 2016 at 6:15 AM, Andy Lutomirski wrote:
> On Thu, Jun 23, 2016 at 6:14 PM, Topi Miettinen wrote:
>> On 06/23/16 23:46, Andrew Morton wrote:
>>> On Thu, 23 Jun 2016 18:07:10 +0300 Topi Miettinen
>>> wrote:
>>>
There are many basic ways to control processes, including capabil
Quoting Eric W. Biederman (ebied...@xmission.com):
> "Serge E. Hallyn" writes:
>
> > Quoting Tejun Heo (t...@kernel.org):
> >> Hello,
> >>
> >> On Fri, Jun 24, 2016 at 10:59:16AM -0500, Serge E. Hallyn wrote:
> >> > Quoting Tejun Heo (t...@kernel.org):
> >> > > But isn't being recursive orthogon
"Serge E. Hallyn" writes:
> Quoting Tejun Heo (t...@kernel.org):
>> Hello,
>>
>> On Fri, Jun 24, 2016 at 10:59:16AM -0500, Serge E. Hallyn wrote:
>> > Quoting Tejun Heo (t...@kernel.org):
>> > > But isn't being recursive orthogonal to using cgroup? Why not account
>> > > usages recursively alon
Hello, Serge.
On Fri, Jun 24, 2016 at 11:59:10AM -0500, Serge E. Hallyn wrote:
> > Just monitoring is less jarring than implementing security enforcement
> > via cgroup, but it is still jarring. What's wrong with recursive
> > process hierarchy monitoring which is in line with the whole facility
Quoting Tejun Heo (t...@kernel.org):
> Hello,
>
> On Fri, Jun 24, 2016 at 10:59:16AM -0500, Serge E. Hallyn wrote:
> > Quoting Tejun Heo (t...@kernel.org):
> > > But isn't being recursive orthogonal to using cgroup? Why not account
> > > usages recursively along the process hierarchy? Capabiliti
Hello,
On Fri, Jun 24, 2016 at 10:59:16AM -0500, Serge E. Hallyn wrote:
> Quoting Tejun Heo (t...@kernel.org):
> > But isn't being recursive orthogonal to using cgroup? Why not account
> > usages recursively along the process hierarchy? Capabilities don't
> > have much to do with cgroup but ever
Quoting Tejun Heo (t...@kernel.org):
> Hello,
>
> On Fri, Jun 24, 2016 at 12:22:54AM +, Topi Miettinen wrote:
> > > This doesn't have anything to do with resource control and I don't
> > > think it's a good idea to add arbitrary monitoring mechanisms to
> > > cgroup just because it's easy to a
Hello,
On Fri, Jun 24, 2016 at 12:22:54AM +, Topi Miettinen wrote:
> > This doesn't have anything to do with resource control and I don't
> > think it's a good idea to add arbitrary monitoring mechanisms to
> > cgroup just because it's easy to add interface there. Given that
> > capabilities
On Thu, Jun 23, 2016 at 6:14 PM, Topi Miettinen wrote:
> On 06/23/16 23:46, Andrew Morton wrote:
>> On Thu, 23 Jun 2016 18:07:10 +0300 Topi Miettinen wrote:
>>
>>> There are many basic ways to control processes, including capabilities,
>>> cgroups and resource limits. However, there are far fewer
On 06/23/16 23:46, Andrew Morton wrote:
> On Thu, 23 Jun 2016 18:07:10 +0300 Topi Miettinen wrote:
>
>> There are many basic ways to control processes, including capabilities,
>> cgroups and resource limits. However, there are far fewer ways to find
>> out useful values for the limits, except bli
On 06/23/16 21:38, Tejun Heo wrote:
> Hello,
>
> On Thu, Jun 23, 2016 at 06:07:10PM +0300, Topi Miettinen wrote:
>> There are many basic ways to control processes, including capabilities,
>> cgroups and resource limits. However, there are far fewer ways to find
>> out useful values for the limits,
On Thu, 23 Jun 2016 18:07:10 +0300 Topi Miettinen wrote:
> There are many basic ways to control processes, including capabilities,
> cgroups and resource limits. However, there are far fewer ways to find
> out useful values for the limits, except blind trial and error.
>
> Currently, there is no
Hello,
On Thu, Jun 23, 2016 at 06:07:10PM +0300, Topi Miettinen wrote:
> There are many basic ways to control processes, including capabilities,
> cgroups and resource limits. However, there are far fewer ways to find
> out useful values for the limits, except blind trial and error.
>
> Currently
On Thu, Jun 23, 2016 at 8:07 AM, Topi Miettinen wrote:
> There are many basic ways to control processes, including capabilities,
> cgroups and resource limits. However, there are far fewer ways to find
> out useful values for the limits, except blind trial and error.
>
> Currently, there is no way
29 matches
Mail list logo
