From: andrea@cpushare.com
To: Arjan van de Ven <arjan@infradead.org>
Cc: Ingo Molnar <mingo@elte.hu>, Adrian Bunk <bunk@stusta.de>,
Andrew Morton <akpm@osdl.org>, Lee Revell <rlrevell@joe-job.com>,
linux-kernel@vger.kernel.org, Alan Cox <alan@redhat.com>,
Linus Torvalds <torvalds@osdl.org>
Subject: Re: [patch] let CONFIG_SECCOMP default to n
Date: Tue, 11 Jul 2006 17:31:17 +0200 [thread overview]
Message-ID: <20060711153117.GJ7192@opteron.random> (raw)
In-Reply-To: <1152628374.3128.66.camel@laptopd505.fenrus.org>
On Tue, Jul 11, 2006 at 04:32:53PM +0200, Arjan van de Ven wrote:
> as far as I can see Fedora has SECCOMP off for a long time already
Well, I didn't know about it... Long time can't be more than a few
months because I was sure in older releases it was enabled because I had
people running seccomp code on fedora.
I never expect it was easy thing to startup the CPUShare project, but
one thing that I didn't expect however was this kind of behaviour from
the leading linux vendor, I didn't get a single email of questions and I
wasn't informed about this, despite they know me perfectly. This
effectively reminds me about the high profile news articles I keep
reading recently that on the sidelines mentions about some RH behaviour
in the industry.
> if there is overhead, and there is no general use for it (which there
> isn't really) then it should be off imo.
I hope the reason was the lack of my last patch. But even in such case
RH could have turned off the tsc thing immediately themself (they know
how to patch the kernel no?) or they could have asked me a single
question about it before turning it off, no?
I hope RH will reconsider with my last patch applied and at the light of
this email as well:
http://www.cpushare.com/hypermail/cpushare-discuss/06/01/0080.html
If they don't reconsider I'll be forced to recommend the Fedora CPUShare
users to switch distro if they don't want having to recompile the kernel
by themself.
I guess now I understand why this new change of mind of Ingo: if he
would succeed to push the N in the main kernel, then nobody could
complain to fedora for setting it to N, while they're in a less obvious
position at the moment where the kernel says "default to y" and they set
it to N to be happy.
As for no general use, this is the people that certainly used seccomp so
far:
cpushare=> select count(*) from accounts where cpucoins != 0;
count
-------
122
(1 row)
cpushare=>
remove 1 that is myself, that leaves 121 persons using seccomp so far
in CPUShare context. One first user already started buying CPU resource
a few days ago, and he's currently computing his own seccomp bytecode
remotely as we speak. So unless they're all wasting their time by
helping me testing the stuff, I'm not the only one that find at least
one useful usage for seccomp (but I think there are many more if only
people would care to use it). Certainly the FUD about the Y and N
availability doesn't help in convincing people to use seccomp to
strengthen decompression security etc...
next prev parent reply other threads:[~2006-07-11 15:30 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-29 19:21 [2.6 patch] let CONFIG_SECCOMP default to n Adrian Bunk
2006-06-30 0:44 ` Lee Revell
2006-06-30 1:07 ` Andrew Morton
2006-06-30 1:40 ` Adrian Bunk
2006-06-30 4:52 ` Andrea Arcangeli
2006-06-30 9:47 ` Ingo Molnar
2006-06-30 14:58 ` andrea
2006-07-11 7:36 ` [patch] " Ingo Molnar
2006-07-11 14:17 ` andrea
2006-07-11 14:32 ` Arjan van de Ven
2006-07-11 15:31 ` andrea [this message]
2006-07-11 15:54 ` Arjan van de Ven
2006-07-11 16:13 ` andrea
2006-07-11 16:23 ` Arjan van de Ven
2006-07-11 16:57 ` Alan Cox
2006-07-11 16:25 ` Alan Cox
2006-07-11 16:02 ` Adrian Bunk
2006-07-11 16:16 ` andrea
2006-07-11 16:24 ` Alan Cox
2006-07-12 15:43 ` Andi Kleen
2006-07-12 21:07 ` Ingo Molnar
2006-07-12 22:06 ` Andi Kleen
2006-07-12 22:19 ` Ingo Molnar
2006-07-12 22:33 ` Andi Kleen
2006-07-12 22:49 ` Ingo Molnar
2006-07-13 3:16 ` Andrea Arcangeli
2006-07-13 11:23 ` Jeff Dike
2006-07-13 11:35 ` Ingo Molnar
2006-07-13 3:04 ` Andrea Arcangeli
2006-07-13 3:12 ` Linus Torvalds
2006-07-13 4:40 ` Andrea Arcangeli
2006-07-13 4:51 ` andrea
2006-07-13 5:12 ` Linus Torvalds
2006-07-13 6:22 ` andrea
2006-07-13 1:51 ` Andrew Morton
2006-07-13 2:00 ` Linus Torvalds
2006-07-13 7:44 ` James Bruce
2006-07-13 8:34 ` andrea
2006-07-13 9:18 ` Andrew Morton
2006-07-14 6:09 ` [PATCH] TIF_NOTSC and SECCOMP prctl andrea
2006-07-14 6:27 ` Andrew Morton
2006-07-14 6:33 ` andrea
2006-07-13 12:13 ` [patch] let CONFIG_SECCOMP default to n Andi Kleen
2006-07-12 21:22 ` Ingo Molnar
2006-07-12 22:11 ` Andi Kleen
2006-07-11 15:54 ` Pavel Machek
2006-06-30 12:39 ` [2.6 patch] " Alan Cox
2006-06-30 2:35 ` Randy.Dunlap
2006-06-30 15:03 ` Lee Revell
2006-07-08 9:23 ` Andrea Arcangeli
2006-07-11 1:59 ` Andrew James Wade
2006-07-11 4:16 ` andrea
2006-07-11 20:19 ` Andrew James Wade
2006-07-12 21:05 ` andrea
2006-07-12 22:02 ` Alan Cox
2006-07-12 23:44 ` andrea
2006-07-13 21:29 ` Pavel Machek
2006-07-13 23:11 ` andrea
2006-07-13 23:20 ` Pavel Machek
2006-07-14 0:34 ` andrea
2006-07-15 2:55 ` Valdis.Kletnieks
2006-07-16 0:51 ` andrea
2006-07-16 1:54 ` Pavel Machek
2006-07-16 15:36 ` andrea
2006-07-13 2:56 ` Andrew James Wade
2006-07-12 21:13 ` Ingo Molnar
2006-07-13 1:16 ` andrea
2006-07-13 1:37 ` Andrew James Wade
-- strict thread matches above, loose matches on Subject: below --
2006-07-12 21:37 [patch] " Chuck Ebbert
2006-07-12 21:55 ` Linus Torvalds
2006-07-12 22:48 ` andrea
2006-07-12 21:57 ` Andi Kleen
2006-07-13 5:43 Albert Cahalan
2006-07-13 7:07 ` andrea
[not found] <6tgj0-8ip-19@gated-at.bofh.it>
[not found] ` <6xP8s-5mc-9@gated-at.bofh.it>
[not found] ` <6xUhQ-4Wx-33@gated-at.bofh.it>
[not found] ` <6xVdX-6oH-53@gated-at.bofh.it>
[not found] ` <6xVnz-6AI-21@gated-at.bofh.it>
[not found] ` <6xZUd-4Es-13@gated-at.bofh.it>
[not found] ` <6y7yy-7ws-13@gated-at.bofh.it>
[not found] ` <6y7RK-7TX-9@gated-at.bofh.it>
2006-07-17 11:37 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060711153117.GJ7192@opteron.random \
--to=andrea@cpushare.com \
--cc=akpm@osdl.org \
--cc=alan@redhat.com \
--cc=arjan@infradead.org \
--cc=bunk@stusta.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=rlrevell@joe-job.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox