From: Lee Revell <rlrevell@joe-job.com> To: "Jack O'Quin" <joq@io.com> Cc: Paul Davis <paul@linuxaudiosystems.com>, Matt Mackall <mpm@selenic.com>, Chris Wright <chrisw@osdl.org>, Christoph Hellwig <hch@infradead.org>, Andrew Morton <akpm@osdl.org>, arjanv@redhat.com, mingo@elte.hu, alan@lxorguk.ukuu.org.uk, Con Kolivas <kernel@kolivas.org>, linux-kernel@vger.kernel.org Subject: Re: [PATCH] [request for inclusion] Realtime LSM Date: Tue, 11 Jan 2005 16:07:15 -0500 [thread overview] Message-ID: <1105477636.4295.47.camel@krustophenia.net> (raw) In-Reply-To: <87oefw3p7m.fsf@sulphur.joq.us> On Tue, 2005-01-11 at 10:28 -0600, Jack O'Quin wrote: > Paul Davis <paul@linuxaudiosystems.com> writes: > > >>Rlimits are neither UID/GID or PAM-specific. They fit well within > >>the general model of UNIX security, extending an existing mechanism > >>rather than adding a completely new one. That PAM happens to be the > >>way rlimits are usually administered may be unfortunate, yes, but it > >>doesn't mean that rlimits is the wrong way. > > PAM is how most GNU/Linux systems manage rlimits. It is very UID/GID > oriented. So from the sysadmin perspective, claiming that rlimits is > "better" or "easier to manage" than "GID hacks" is bogus. > Sorry, I have to agree with Matt, let's just use PAM. Maybe I have been a Linux admin for too long but I don't think PAM is so bad. Yes it could be better documented but if this was a showstopper then no one would use Linux at all. It's not like every naive user will have to figure out PAM now, the audio oriented distributions will just set it up right by default. And if people want to use the mainstream distros to do audio work OOTB, they'll just have to bug their vendor about it. > > agreed, although i note with interest the flap over RLIMIT_MEMLOCK > > being made accessible to unprivileged users by people working on > > grsecurity. > > :-) But we are not talking about unprivileged users. Do not take "unprivileged" to mean "nonroot". We need an easy mechanism for root to tell the kernel 'the following users get to do things that could potentially lock up the system'. No general purpose Linux distro would ship with this enabled by default for everyone. But, to quote another LKML thread 'you can't prevent root from doing stupid things because that would also keep him from doing clever things'. It's a fine line between stupid and clever. Lee
next prev parent reply other threads:[~2005-01-11 21:11 UTC|newest]
Thread overview: 266+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-30 2:43 [PATCH] [request for inclusion] Realtime LSM Lee Revell
2005-01-03 14:03 ` Christoph Hellwig
2005-01-03 14:15 ` Arjan van de Ven
2005-01-07 16:40 ` Lee Revell
2005-01-04 18:16 ` Lee Revell
2005-01-04 18:20 ` Christoph Hellwig
2005-01-04 18:55 ` Jack O'Quin
2005-01-04 18:59 ` Lee Revell
2005-01-05 0:01 ` Alan Cox
2005-01-05 1:28 ` Lee Revell
2005-01-05 1:30 ` Lee Revell
2005-01-05 1:50 ` Chris Wright
2005-01-05 1:55 ` Lee Revell
2005-01-05 2:05 ` Chris Wright
2005-01-05 2:58 ` Kyle Moffett
2005-01-05 3:45 ` Chris Wright
2005-01-05 4:06 ` Jack O'Quin
2005-01-05 11:52 ` Ingo Molnar
2005-01-05 15:19 ` Lee Revell
2005-01-05 15:21 ` Lee Revell
2005-01-07 12:56 ` Paul Davis
2005-01-07 13:04 ` Christoph Hellwig
2005-01-07 14:16 ` Paul Davis
2005-01-07 14:26 ` Arjan van de Ven
2005-01-07 14:38 ` Paul Davis
2005-01-07 14:42 ` Arjan van de Ven
2005-01-07 15:27 ` Paul Davis
2005-01-07 15:33 ` Arjan van de Ven
2005-01-07 15:41 ` Paul Davis
2005-01-07 16:03 ` Arjan van de Ven
2005-01-07 16:20 ` Takashi Iwai
2005-01-08 5:36 ` Con Kolivas
2005-01-08 6:21 ` Jack O'Quin
2005-01-07 16:20 ` Paul Davis
2005-01-07 21:12 ` Lee Revell
2005-01-07 21:49 ` Andrew Morton
2005-01-07 22:07 ` Valdis.Kletnieks
2005-01-07 22:36 ` Chris Wright
2005-01-07 23:01 ` Valdis.Kletnieks
2005-01-07 23:20 ` Andrew Morton
2005-01-07 23:34 ` Valdis.Kletnieks
2005-01-10 21:05 ` Matt Mackall
2005-01-07 22:10 ` Christoph Hellwig
2005-01-07 22:26 ` Paul Davis
2005-01-07 22:29 ` Chris Wright
2005-01-08 6:12 ` Jack O'Quin
2005-01-08 16:56 ` ross
2005-01-08 18:25 ` Christoph Hellwig
2005-01-08 22:20 ` Lee Revell
2005-01-08 22:27 ` Andreas Steinmetz
2005-01-08 22:14 ` Lee Revell
2005-01-10 21:20 ` Matt Mackall
2005-01-11 13:05 ` Paul Davis
2005-01-11 16:28 ` Jack O'Quin
2005-01-11 18:59 ` Matt Mackall
2005-01-11 20:47 ` utz lehmann
2005-01-11 21:07 ` Lee Revell [this message]
2005-01-11 19:17 ` Matt Mackall
2005-01-11 19:42 ` Jack O'Quin
2005-01-11 20:50 ` Chris Wright
2005-01-11 20:58 ` Ingo Molnar
2005-01-11 21:14 ` Chris Wright
2005-01-11 21:27 ` Ingo Molnar
2005-01-11 22:13 ` Chris Wright
2005-01-11 22:26 ` Con Kolivas
2005-01-12 3:21 ` Jack O'Quin
2005-01-12 4:29 ` Chris Wright
2005-01-13 5:44 ` Jack O'Quin
2005-01-13 6:34 ` Matt Mackall
2005-01-13 19:17 ` Jack O'Quin
2005-01-14 20:52 ` Lee Revell
2005-01-15 0:42 ` Jack O'Quin
2005-01-15 2:19 ` Randy.Dunlap
2005-01-15 4:06 ` Jack O'Quin
2005-01-15 13:49 ` Ingo Molnar
2005-01-15 23:02 ` Jack O'Quin
2005-01-15 23:38 ` Jack O'Quin
2005-01-16 23:13 ` Ingo Molnar
2005-01-16 23:57 ` Jack O'Quin
2005-01-17 9:17 ` Sytse Wielinga
2005-01-17 14:36 ` Ingo Molnar
2005-01-17 10:06 ` Ingo Molnar
2005-01-18 5:02 ` Jack O'Quin
2005-01-18 8:02 ` Ingo Molnar
2005-01-18 17:05 ` Jack O'Quin
2005-01-19 8:24 ` Ingo Molnar
2005-01-19 14:39 ` Ingo Molnar
2005-01-19 17:45 ` Jack O'Quin
2005-01-19 18:32 ` Matt Mackall
2005-01-20 8:07 ` Ingo Molnar
2005-01-20 8:05 ` Ingo Molnar
2005-01-11 14:30 ` Jack O'Quin
2005-01-11 19:50 ` Matt Mackall
2005-01-11 19:57 ` Jack O'Quin
2005-01-11 20:05 ` Matt Mackall
2005-01-11 20:29 ` Lee Revell
2005-01-11 20:47 ` Chris Wright
2005-01-11 21:10 ` Lee Revell
2005-01-11 21:20 ` Chris Wright
2005-01-11 21:28 ` Matt Mackall
2005-01-11 21:38 ` Lee Revell
2005-01-11 21:41 ` Arjan van de Ven
2005-01-11 22:51 ` Paul Davis
2005-01-11 23:05 ` Chris Wright
2005-01-12 1:43 ` Jack O'Quin
2005-01-12 7:49 ` Arjan van de Ven
2005-01-12 21:12 ` Lee Revell
2005-01-13 0:44 ` Jack O'Quin
2005-01-13 7:28 ` Arjan van de Ven
2005-01-13 21:04 ` Jack O'Quin
2005-01-13 21:07 ` Arjan van de Ven
2005-01-13 21:25 ` Lee Revell
2005-01-13 21:43 ` Arjan van de Ven
2005-01-13 23:31 ` Jack O'Quin
2005-01-14 0:33 ` Chris Wright
2005-01-14 0:50 ` Con Kolivas
2005-01-14 1:20 ` Matt Mackall
2005-01-14 1:27 ` Con Kolivas
2005-01-14 17:20 ` Mike Galbraith
2005-01-15 1:14 ` Jack O'Quin
2005-01-15 8:06 ` Mike Galbraith
2005-01-15 23:48 ` Jack O'Quin
2005-01-14 2:05 ` utz lehmann
2005-01-14 2:08 ` Con Kolivas
2005-01-14 2:23 ` Andrew Morton
2005-01-14 2:35 ` utz lehmann
2005-01-14 2:42 ` Con Kolivas
2005-01-14 3:20 ` Andrew Morton
2005-01-14 3:28 ` utz lehmann
2005-01-14 3:26 ` utz lehmann
2005-01-14 2:24 ` Nick Piggin
2005-01-14 2:40 ` Paul Davis
2005-01-14 2:57 ` Nick Piggin
2005-01-14 3:12 ` Andrew Morton
2005-01-14 3:18 ` Con Kolivas
2005-01-14 3:30 ` Paul Davis
2005-01-14 3:38 ` Con Kolivas
2005-01-14 3:51 ` Paul Davis
2005-01-14 4:00 ` Con Kolivas
2005-01-14 4:16 ` Nick Piggin
2005-01-14 4:04 ` Nick Piggin
2005-01-14 3:31 ` Nick Piggin
2005-01-14 3:34 ` Paul Davis
2005-01-14 4:11 ` Con Kolivas
2005-01-14 4:23 ` Nick Piggin
2005-01-14 4:45 ` Paul Davis
2005-01-14 5:14 ` Nick Piggin
2005-01-14 9:21 ` Will Dyson
2005-01-14 9:54 ` Nick Piggin
2005-01-14 6:57 ` Matt Mackall
2005-01-14 7:04 ` Andrew Morton
2005-01-14 7:55 ` Chris Wright
2005-01-14 20:10 ` Chris Wright
2005-01-14 20:55 ` Matt Mackall
2005-01-14 23:04 ` Chris Wright
2005-01-15 0:58 ` Matt Mackall
2005-01-11 22:05 ` Matt Mackall
2005-01-11 21:42 ` Chris Wright
2005-01-11 22:16 ` Matt Mackall
2005-01-11 22:21 ` Chris Wright
2005-01-11 22:36 ` utz lehmann
2005-01-11 22:41 ` Chris Wright
2005-01-11 22:17 ` utz
2005-01-11 22:48 ` Paul Davis
2005-01-11 23:06 ` Matt Mackall
2005-01-12 2:13 ` Paul Davis
2005-01-12 19:09 ` Matt Mackall
2005-01-12 21:25 ` Lee Revell
2005-01-11 20:19 ` Chris Friesen
2005-01-11 22:45 ` Paul Davis
2005-01-11 21:21 ` Ingo Molnar
2005-01-12 2:10 ` Jack O'Quin
2005-01-15 4:56 ` Jack O'Quin
2005-01-15 14:43 ` Ingo Molnar
2005-01-15 23:10 ` Jack O'Quin
2005-01-16 1:48 ` Jack O'Quin
2005-01-16 4:30 ` Jack O'Quin
2005-01-16 23:22 ` Ingo Molnar
2005-01-07 23:00 ` Lee Revell
2005-01-07 22:22 ` Paul Davis
2005-01-07 22:44 ` Andreas Steinmetz
2005-01-07 16:03 ` Martin Mares
2005-01-07 16:22 ` Paul Davis
2005-01-08 13:04 ` Paul Jakma
2005-01-07 14:47 ` Christoph Hellwig
2005-01-07 15:26 ` Paul Davis
2005-01-07 16:08 ` Martin Mares
2005-01-07 16:14 ` Paul Davis
2005-01-07 16:29 ` Martin Mares
2005-01-07 16:36 ` Paul Davis
2005-01-07 17:06 ` Martin Mares
2005-01-07 17:29 ` Chris Wright
2005-01-07 17:32 ` Martin Mares
2005-01-07 17:38 ` Chris Wright
2005-01-07 19:55 ` Jack O'Quin
2005-01-07 16:37 ` Takashi Iwai
2005-01-07 16:41 ` Martin Mares
2005-01-07 17:53 ` Chris Wright
2005-01-07 18:01 ` Chris Wright
2005-01-05 18:18 ` Jack O'Quin
2005-01-05 4:04 ` Jack O'Quin
2005-01-05 11:25 ` Christoph Hellwig
2005-01-05 17:32 ` Lee Revell
2005-01-05 19:11 ` Christoph Hellwig
2005-01-05 11:20 ` Christoph Hellwig
2005-01-04 18:57 ` Lee Revell
2005-01-05 1:35 ` Andreas Steinmetz
2005-01-05 4:18 ` Alan Cox
2005-01-05 5:50 ` Andrew Morton
2005-01-05 12:06 ` Herbert Poetzl
2005-01-07 1:13 ` Matt Mackall
2005-01-07 1:55 ` Alan Cox
2005-01-07 20:05 ` Matt Mackall
2005-01-05 20:09 ` Olaf Dietsche
2005-01-07 1:18 ` Matt Mackall
2005-01-07 2:36 ` Lee Revell
2005-01-07 5:54 ` Jack O'Quin
2005-01-07 20:02 ` Matt Mackall
2005-01-07 20:21 ` Chris Wright
2005-01-07 20:27 ` Jack O'Quin
2005-01-07 20:46 ` Matt Mackall
2005-01-07 20:55 ` Lee Revell
2005-01-07 21:20 ` Matt Mackall
2005-01-07 21:29 ` Chris Wright
2005-01-07 20:45 ` Lee Revell
2005-01-05 11:39 ` Christoph Hellwig
2005-01-05 17:35 ` Lee Revell
2005-01-05 19:11 ` Christoph Hellwig
2005-01-05 11:24 ` Christoph Hellwig
[not found] <20050112185258.GG2940@waste.org>
2005-01-12 21:16 ` Paul Davis
2005-03-08 3:50 ` Andrew Morton
2005-03-08 3:55 ` Christoph Hellwig
2005-03-08 4:16 ` Andrew Morton
2005-03-08 4:22 ` Ingo Molnar
2005-03-08 4:28 ` Andrew Morton
2005-03-08 4:32 ` Christoph Hellwig
2005-03-08 4:47 ` Matt Mackall
2005-03-08 4:58 ` Chris Wright
2005-03-08 18:55 ` Lee Revell
2005-03-08 19:11 ` Paul Davis
2005-03-08 20:29 ` Andrew Morton
2005-03-08 21:20 ` Christoph Hellwig
2005-03-08 21:34 ` Lee Revell
2005-03-08 23:55 ` James Morris
2005-03-08 5:19 ` Jack O'Quin
2005-03-08 4:33 ` Matt Mackall
2005-03-08 4:40 ` Andrew Morton
2005-03-08 5:30 ` Jack O'Quin
2005-03-08 6:33 ` Matt Mackall
2005-03-09 3:39 ` Jack O'Quin
2005-03-09 3:44 ` Matt Mackall
2005-03-09 4:04 ` Jack O'Quin
2005-03-10 14:01 ` Pavel Machek
2005-03-08 5:40 ` Peter Williams
2005-03-08 5:49 ` Ingo Molnar
2005-03-08 6:28 ` Peter Williams
2005-03-08 6:40 ` Chris Wright
2005-03-08 6:42 ` Ingo Molnar
2005-03-08 6:00 ` Chris Wright
2005-03-08 6:18 ` Matt Mackall
2005-03-08 5:38 ` Ingo Molnar
2005-03-08 6:45 ` Chris Wright
2005-03-08 6:49 ` Matt Mackall
2005-03-08 6:55 ` Andrew Morton
2005-03-08 8:45 ` Matt Mackall
2005-03-08 19:17 ` utz lehmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1105477636.4295.47.camel@krustophenia.net \
--to=rlrevell@joe-job.com \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=arjanv@redhat.com \
--cc=chrisw@osdl.org \
--cc=hch@infradead.org \
--cc=joq@io.com \
--cc=kernel@kolivas.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=mpm@selenic.com \
--cc=paul@linuxaudiosystems.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox