public inbox for linux-kernel@vger.kernel.org
From: Peter Williams <pwil3058@bigpond.net.au>
To: Ingo Molnar <mingo@elte.hu>
Cc: Andrew Morton <akpm@osdl.org>, Matt Mackall <mpm@selenic.com>,
	paul@linuxaudiosystems.com, joq@io.com,
	cfriesen@nortelnetworks.com, chrisw@osdl.org, hch@infradead.org,
	rlrevell@joe-job.com, arjanv@redhat.com,
	alan@lxorguk.ukuu.org.uk, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] [request for inclusion] Realtime LSM
Date: Tue, 08 Mar 2005 17:28:56 +1100
Message-ID: <422D4628.8060203@bigpond.net.au>
In-Reply-To: <20050308054931.GA20200@elte.hu>

Ingo Molnar wrote:
> * Peter Williams <pwil3058@bigpond.net.au> wrote:
> 
> 
>>I don't object to rlimits per se and I think that they are useful but
>>not as a sole solution to this problem.  Being able to give a task
>>preferential treatment is a permissions issue and should be solved as
>>one.
>>
>>Having RT cpu usage limits on tasks is a useful tool to have when
>>granting normal users the privilege of running tasks as RT tasks so
>>that you can limit the damage that they can do BUT the presence of a
>>limit on a task is not a very good criterion for granting that
>>privilege.
> 
> 
> i think you are talking about my rlimit patch (the 'RT CPU limit' patch)
> - but that one is not in discussion here.
> 
> what is being discussed currently is the other rlimit patch (from Chris
> Wright and Matt Mackall) which implements a simple rlimit ceiling for
> the RT (and nice) priorities a task can set. The rlimit defaults to 0,
> meaning no change in behavior by default. A value of 50 means RT
> priority levels 1-50 are allowed. A value of 100 means all 99 privilege
> levels from 1 to 99 are allowed. CAP_SYS_NICE is blanket permission.
> It's all pretty fine-grained and it's a quite straightforward
> extension of what we have today.

OK.  My misunderstanding.

But the patch you describe still seems a little loose to me in that it 
doesn't control both which users AND which programs they can run. 
Although I suppose that can be managed by suitable setting of file 
permissions?

Also I presume that root privileges are needed to set the rlimits which 
means that the program has to be setuid root or run from a setuid root 
wrapper.  In the first of these cases the program will be running for a 
(hopefully) short while with way more privilege than it needs.  This is 
why I'm attracted to mechanisms that allow programs to be given a subset 
of root's privileges and only for specified users.

It would be nice to have a solution to this particular problem that fits 
in with such a generalized "granular" privilege mechanism (when/if such 
a mechanism becomes available in the future) rather than a quirky fix 
that is specific to this problem and doesn't generalize well to similar 
problems when they arise in the future.  However, I agree with your 
opinion that granting CAP_SYS_NICE without some limit on the priority 
levels is dangerous and think that a generalized "granular" privilege 
mechanism would need to include such restrictions.

> The patch does not attempt to do any
> "damage control" of abuse caused by RT tasks, and is hence much simpler
> than my patch or Con's SCHED_ISO patch. ("damage control" could be done
> from userspace anyway)

Yes.  In kernel "damage control" is an optional extra not a necessity 
with this solution.  Not so sure about with the RT LSB solution though.

Peter
-- 
Peter Williams                                   pwil3058@bigpond.net.au

"Learning, n. The kind of ignorance distinguishing the studious."
  -- Ambrose Bierce
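
The setuid-root wrapper case raised in this message, as an added example that is not code from the thread or from the patch under discussion: a launcher that sets the RT priority ceiling, drops root irreversibly and only then executes the target, so the target never runs with more than the ceiling. It assumes mainline Linux's RLIMIT_RTPRIO behaves like the rlimit Ingo describes; the program name rtlaunch and all function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Model of the check as described in the quoted text: ceiling 0 allows
 * nothing, ceiling N allows RT priorities 1..N, CAP_SYS_NICE bypasses it. */
int rt_prio_permitted(int prio, rlim_t ceiling, int has_cap_sys_nice)
{
    if (prio < 1 || prio > 99)
        return 0;                       /* not a valid RT priority */
    if (has_cap_sys_nice)
        return 1;                       /* blanket permission */
    return (rlim_t)prio <= ceiling;
}

/* Set soft and hard limit together so the target cannot raise it again.
 * Raising the hard limit needs privilege, which is why this runs first. */
int set_rt_ceiling(rlim_t ceiling)
{
    struct rlimit rl = { .rlim_cur = ceiling, .rlim_max = ceiling };
    return setrlimit(RLIMIT_RTPRIO, &rl);
}

/* Become uid/gid for good, then prove that root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                      /* target would still be root */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0 || setgid(0) == 0)
        return -1;                      /* drop did not stick */
    return 0;
}

/* Strict decimal parse: rejects empty, trailing junk and out-of-range. */
static int parse_num(const char *s, unsigned long max, unsigned long *out)
{
    char *end;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno || end == s || *end != '\0' || v > max)
        return -1;
    *out = v;
    return 0;
}

/* usage: rtlaunch <ceiling 0-100> <uid> <gid> <program> [args...] */
int main(int argc, char **argv)
{
    unsigned long ceiling, uid, gid;

    if (argc < 5 || parse_num(argv[1], 100, &ceiling) ||
        parse_num(argv[2], UINT_MAX - 1, &uid) ||
        parse_num(argv[3], UINT_MAX - 1, &gid)) {
        fprintf(stderr, "usage: %s ceiling uid gid program [args]\n", argv[0]);
        return 2;
    }
    if (set_rt_ceiling((rlim_t)ceiling) != 0) {
        perror("setrlimit(RLIMIT_RTPRIO)");
        return 1;
    }
    if (drop_privileges((uid_t)uid, (gid_t)gid) != 0) {
        fprintf(stderr, "refusing to run target: privilege drop failed\n");
        return 1;
    }
    execvp(argv[4], &argv[4]);          /* rlimits survive setuid and exec */
    perror("execvp");
    return 1;
}
```

Which users may invoke such a launcher, and which programs it will start, is still left to file permissions on the launcher itself, which is the gap the message points out.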
