From: Roger Luethi <rl@hellgate.ch>
To: James Morris <jmorris@redhat.com>
Cc: linux-kernel@vger.kernel.org,
Albert Cahalan <albert@users.sourceforge.net>,
William Lee Irwin III <wli@holomorphy.com>,
"Martin J. Bligh" <mbligh@aracnet.com>, Paul Jackson <pj@sgi.com>,
Chris Wright <chrisw@osdl.org>,
Stephen Smalley <sds@epoch.ncsc.mil>
Subject: Re: [0/2][ANNOUNCE] nproc: netlink access to /proc information
Date: Fri, 27 Aug 2004 17:26:16 +0200
Message-ID: <20040827152615.GA28531@k3.hellgate.ch>
In-Reply-To: <Xine.LNX.4.44.0408271043130.7393-100000@thoron.boston.redhat.com>

On Fri, 27 Aug 2004 10:50:23 -0400, James Morris wrote:
> On Fri, 27 Aug 2004, Roger Luethi wrote:
>
> > At the moment, the kernel sends a separate netlink message for every
> > process.
>
> You should look at the way rtnetlink dumps large amounts of data to
> userspace.

At this point, I am just using a working prototype to gauge the interest
in an improved interface. Other than that, I agree. This would be one
of the "speed optimizations I haven't tried".

> > I haven't implemented any form of access control. One possibility is
> > to use some of the reserved bits in the ID field to indicate access
> > restrictions to both kernel and user space (e.g. everyone, process owner,
> > root)
>
> So, user tools would all need to be privileged? That sounds problematic.

It just means that not all the pieces that would be required to make
this a merge candidate have been implemented. I focused on the basic
infrastructure that is needed for the basic protocol.

Adding some access control that is about as smart as file permissions
in /proc is fairly easy (we have the caller pid and netlink_skb_parms
as a starting point). We only have read permissions to care about. It's
trivial to flag each field as "world readable", "owner only" (for fields
with process scope), and "root only". That covers pretty much what
/proc permissions achieve. While I am confident that this will work,
others may have better ideas for access control.

Roger
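
The per-field read classes proposed in the message above ("world readable", "owner only" for fields with process scope, "root only"), modeled in user space as an added example that is not part of the original message or the nproc patch. The bit layout, field IDs and function names are hypothetical, and root is simplified to uid 0; in the kernel the caller identity would come from the netlink_skb_parms the mail names as a starting point.

```c
/* Added example: user-space model of per-field read access classes (all names hypothetical). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ACC_MASK   (3u << 30)   /* assumed: top two bits of the field ID are reserved */
#define ACC_WORLD  (0u << 30)   /* readable by everyone */
#define ACC_OWNER  (1u << 30)   /* process owner or root */
#define ACC_ROOT   (2u << 30)   /* root only */
#define SCOPE_PROC (1u << 29)   /* field describes a single process */

#define F_NAME      (ACC_WORLD | SCOPE_PROC | 1u)   /* constructed sample field IDs */
#define F_ENVIRON   (ACC_OWNER | SCOPE_PROC | 2u)
#define F_MEMFREE   (ACC_WORLD | 3u)                /* global, no owning process */
#define F_KSECRET   (ACC_ROOT | 4u)
#define F_BADGLOBAL (ACC_OWNER | 5u)                /* owner-only without process scope */
#define F_UNKNOWN   (ACC_MASK | SCOPE_PROC | 6u)    /* undefined access class */

/* Return 1 if caller_uid may read field `id` of a process owned by owner_uid. */
int field_allowed(uint32_t id, uint32_t caller_uid, uint32_t owner_uid)
{
    switch (id & ACC_MASK) {
    case ACC_WORLD:
        return 1;
    case ACC_OWNER:   /* the owner comparison only means something with process scope */
        return caller_uid == 0 || ((id & SCOPE_PROC) && caller_uid == owner_uid);
    case ACC_ROOT:
        return caller_uid == 0;
    default:          /* undefined class: fail closed, even for root */
        return 0;
    }
}

/* Copy the permitted subset of a request into out[]; return how many fields were kept. */
size_t filter_fields(const uint32_t *req, size_t n, uint32_t caller_uid,
                     uint32_t owner_uid, uint32_t *out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (field_allowed(req[i], caller_uid, owner_uid))
            out[kept++] = req[i];
    return kept;
}

int main(void)
{
    const uint32_t req[] = { F_NAME, F_ENVIRON, F_MEMFREE, F_KSECRET, F_BADGLOBAL, F_UNKNOWN };
    uint32_t out[6];
    printf("uid 1000 asking about a uid 1001 process: %zu of 6 fields returned\n",
           filter_fields(req, 6, 1000, 1001, out));
}
```

Filtering the reply per field, rather than rejecting the whole request, keeps unprivileged tools working for the world-readable subset, which is the concern raised in the quoted question.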