* Waiting for programs to stop
From: Victor Porton @ 2014-01-10 18:56 UTC (permalink / raw)
To: selinux
I remind you that we are discussing sandboxing of untrusted programs.
My application needs to receive a signal when ALL direct and indirect children of a process (including this process itself) started in a sandbox exit (it should work even when they call setsid()).
Can this be done with the current kernel?
--
Victor Porton - http://portonvictor.org
* Fwd: Waiting for programs to stop
From: Victor Porton @ 2014-01-10 20:25 UTC (permalink / raw)
To: linux-kernel
I remind you that we are discussing sandboxing of untrusted programs.
My application needs to receive a signal when ALL direct and indirect children of a process (including this process itself) started in a sandbox exit (it should work even when they call setsid()).
You can assume that the sandboxing binary creates a new cgroup.
Can this be done with the current kernel?
--
Victor Porton - http://portonvictor.org
* Re: Waiting for programs to stop
From: luis @ 2014-01-12 19:42 UTC (permalink / raw)
To: selinux
On Fri, 10 Jan 2014 20:56:18 +0200
Victor Porton <porton@narod.ru> wrote:
> I remind you that we are discussing sandboxing of untrusted programs.
>
> My application needs to receive a signal when ALL direct and indirect
> children of a process (including this process itself) started in a
> sandbox exit (it should work even when they call setsid()).
>
> Can this be done with the current kernel?
This is completely unrelated to SELinux, so please don't discuss it on
this list. Have a look into cgroups ("notify_on_release").
--
Luis Ressel <aranea@aixah.de>
GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
* Re: Waiting for programs to stop
From: Luis Ressel @ 2014-01-12 20:10 UTC (permalink / raw)
To: selinux
On Fri, 10 Jan 2014 20:56:18 +0200
Victor Porton <porton@narod.ru> wrote:
> I remind you that we are discussing sandboxing of untrusted programs.
>
> My application needs to receive a signal when ALL direct and indirect
> children of a process (including this process itself) started in a
> sandbox exit (it should work even when they call setsid()).
>
> Can this be done with the current kernel?
This is completely unrelated to SELinux, so please don't discuss it on
this list. Have a look into cgroups ("notify_on_release").
--
Luis Ressel <aranea@aixah.de>
GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
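
The "notify_on_release" mechanism named in the reply above, sketched as an added example (not code from any poster in this thread). It assumes a mounted cgroup v1 hierarchy and root privileges; the function names, the paths and the choice of SIGUSR1 are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes a mounted cgroup v1
# hierarchy and root privileges; all function names, paths and the choice
# of SIGUSR1 are hypothetical.

# write_agent AGENT CGROUP SUPERVISOR_PID
# Create the release agent. The kernel runs it as root with the emptied
# cgroup's path (relative to the hierarchy mount, leading "/") as $1, so
# keep it where sandboxed code cannot write.
write_agent() {
    cat > "$1" <<EOF
#!/bin/sh
[ "\$1" = "/$2" ] && kill -USR1 $3
EOF
    chmod 700 "$1"
}

# arm_release_notify HIER_ROOT CGROUP AGENT
# release_agent lives only in the hierarchy root; notify_on_release is set
# per cgroup. The agent fires once the cgroup has no tasks and no child
# cgroups left.
arm_release_notify() {
    mkdir -p "$1/$2" || return 1
    printf '%s\n' "$3" > "$1/release_agent" || return 1
    printf '1\n' > "$1/$2/notify_on_release"
}

# enter_cgroup HIER_ROOT CGROUP PID
# Move the launcher into the cgroup before it execs the untrusted program.
# Membership is inherited across fork() and is not changed by setsid().
enter_cgroup() {
    printf '%s\n' "$3" > "$1/$2/cgroup.procs"
}

# sandbox_finished HIER_ROOT CGROUP
# Polling cross-check: true only if no cgroup.procs file at or below the
# cgroup lists a PID. File contents are read because cgroupfs reports size 0.
sandbox_finished() {
    ! find "$1/$2" -name cgroup.procs -type f \
        -exec grep -q . {} \; -print | grep -q .
}
```

The supervisor arms the notification and moves the launcher into the cgroup before the untrusted program is exec'd, then waits for the signal; sandbox_finished lets it confirm the state after the signal arrives.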