From: Martin Mares <mj@ucw.cz>
To: Paul Davis <paul@linuxaudiosystems.com>
Cc: Arjan van de Ven <arjanv@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
Lee Revell <rlrevell@joe-job.com>, Ingo Molnar <mingo@elte.hu>,
Chris Wright <chrisw@osdl.org>,
Alan Cox <alan@lxorguk.ukuu.org.uk>, "Jack O'Quin" <joq@io.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@osdl.org>
Subject: Re: [PATCH] [request for inclusion] Realtime LSM
Date: Fri, 7 Jan 2005 17:03:59 +0100
Message-ID: <20050107160359.GA6529@ucw.cz>
In-Reply-To: <200501071541.j07FfeQC018553@localhost.localdomain>

Hello!

> >yes; most distributions will use pam for this, you can set per user or per
> >group limits there.
>
> isn't that a uid/gid based system? ok, i'm being a little snide :)

:) The big difference between this and a pure uid/gid based system is that
pam_limits is not the only place where you can change the ulimits. If your
system is simple enough that deciding on uid/gid is enough, you can use
pam_limits; if not and you for example want to make the limits depend
on the phase of the moon, it's easy to do so -- just write a simple user space
program which will set the limits accordingly. Also, if the user wishes to
restrict his abilities, because he's going to do some experiment and he
doesn't want to lock up the machine, he can easily do so.

Except for filesystem permissions, I think that it's exactly the usual UNIX
way of controlling access -- the kernel takes care of access checks based
on some trivial attributes like ulimits and capabilities, and user space
decides who should get which. I don't see any reason why the right to use
realtime scheduling should be treated differently. Do you?

It's quite probable that the current system of capabilities is not well
suited for this, but I think that although it's tempting to work around it
by introducing a new security module, in the long term it's much better
to extend and/or fix the capabilities -- I don't see any fundamental reason
for capabilities being unusable for this goal, it's much more likely to be
just minor details in the implementation.

Have a nice fortnight
--
Martin `MJ' Mares <mj@ucw.cz> http://atrey.karlin.mff.cuni.cz/~mj/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
Always remember that you are absolutely unique ... just like everyone else.
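
The split described in the message above (kernel enforces a simple limit, a user-space program decides its value) can be sketched as a small wrapper; this is an added example, not code from the message or the patch under discussion. It assumes Linux's RLIMIT_RTPRIO resource limit, which the message does not name, and the helper names cap_limit and hard_limit are hypothetical.

```c
/* Added example (Linux): cap the realtime priority a command may request,
 * then exec it. The policy lives here in user space; the kernel only
 * enforces the resulting rlimit. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Lower the soft and hard limit of `resource` to at most `cap`.
 * The value is clamped to the current hard limit, so this never raises
 * anything and needs no privilege. Returns 0 on success, -1 on error. */
int cap_limit(int resource, rlim_t cap)
{
    struct rlimit rl;

    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (rl.rlim_max < cap)
        cap = rl.rlim_max;      /* already tighter than requested */
    rl.rlim_cur = cap;
    rl.rlim_max = cap;          /* unprivileged processes cannot undo this */
    return setrlimit(resource, &rl);
}

/* Read back the hard limit. Returns 0 on success, -1 on error. */
int hard_limit(int resource, rlim_t *out)
{
    struct rlimit rl;

    if (getrlimit(resource, &rl) != 0)
        return -1;
    *out = rl.rlim_max;
    return 0;
}

int main(int argc, char **argv)
{
    char *end;
    unsigned long prio;

    if (argc < 3) {
        fprintf(stderr, "usage: %s MAX_RTPRIO CMD [ARGS...]\n", argv[0]);
        return 2;
    }
    errno = 0;
    prio = strtoul(argv[1], &end, 10);
    if (errno != 0 || end == argv[1] || *end != '\0') {
        fprintf(stderr, "invalid MAX_RTPRIO: %s\n", argv[1]);
        return 2;
    }
    if (cap_limit(RLIMIT_RTPRIO, (rlim_t)prio) != 0) {
        perror("setrlimit");
        return 1;
    }
    execvp(argv[2], &argv[2]);  /* the limit is inherited across exec */
    perror("execvp");
    return 127;
}
```

A MAX_RTPRIO of 0 leaves an unprivileged command with no realtime priority to request, which is the self-restriction case the message mentions.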