On 07/12/16 13:16, Eric W. Biederman wrote:
> Topi Miettinen writes:
>
>> On 07/11/16 21:57, Eric W. Biederman wrote:
>>> Topi Miettinen writes:
>>>
There are many basic ways to control processes, including capabilities,
cgroups and resource limits. However, there are far fewer ways to
On 07/12/16 14:59, Tejun Heo wrote:
> On Mon, Jul 11, 2016 at 07:47:44PM +, Topi Miettinen wrote:
>> It's really critical to be able to associate a task in the logs to
>> cgroups which were valid that time. Or can we infer somehow what cgroups
>
> When is "that time"? Without logging all oper
On Tue, Jul 12, 2016 at 9:16 AM, Eric W. Biederman wrote:
> Not logging capabilities outside of the initial user namespace is
> certainly the conservative place to start, and what selinux does.
FYI, we added some basic userns capability smarts to SELinux in Linux 4.7.
commit 8e4ff6f228e4722cac
On Mon, Jul 11, 2016 at 7:14 AM, Topi Miettinen wrote:
> There are many basic ways to control processes, including capabilities,
> cgroups and resource limits. However, there are far fewer ways to find
> out useful values for the limits, except blind trial and error.
>
> Currently, there is no way
On Mon, Jul 11, 2016 at 07:47:44PM +, Topi Miettinen wrote:
> It's really critical to be able to associate a task in the logs to
> cgroups which were valid that time. Or can we infer somehow what cgroups
When is "that time"? Without logging all operations, this is
meaningless.
> a task was t
Topi Miettinen writes:
> On 07/11/16 21:57, Eric W. Biederman wrote:
>> Topi Miettinen writes:
>>
>>> There are many basic ways to control processes, including capabilities,
>>> cgroups and resource limits. However, there are far fewer ways to find
>>> out useful values for the limits, except b
On 07/11/16 21:57, Eric W. Biederman wrote:
> Topi Miettinen writes:
>
>> There are many basic ways to control processes, including capabilities,
>> cgroups and resource limits. However, there are far fewer ways to find
>> out useful values for the limits, except blind trial and error.
>>
>> Curr
Topi Miettinen writes:
> There are many basic ways to control processes, including capabilities,
> cgroups and resource limits. However, there are far fewer ways to find
> out useful values for the limits, except blind trial and error.
>
> Currently, there is no way to know which capabilities are
On 07/11/16 17:09, Tejun Heo wrote:
> Hello,
>
> On Mon, Jul 11, 2016 at 02:14:31PM +0300, Topi Miettinen wrote:
>> [ 28.443674] audit: type=1327 audit(1468234333.144:520):
>> proctitle=6D6B6E6F64002F6465762F7A5F343639006300310032
>> [ 28.465888] audit: type=1330 audit(1468234333.144:520):
>
On 07/11/16 16:05, Topi Miettinen wrote:
> On 07/11/16 15:25, Serge E. Hallyn wrote:
>> Quoting Topi Miettinen (toiwo...@gmail.com):
>>> There are many basic ways to control processes, including capabilities,
>>> cgroups and resource limits. However, there are far fewer ways to find
>>> out useful
Hello,
On Mon, Jul 11, 2016 at 02:14:31PM +0300, Topi Miettinen wrote:
> [ 28.443674] audit: type=1327 audit(1468234333.144:520):
> proctitle=6D6B6E6F64002F6465762F7A5F343639006300310032
> [ 28.465888] audit: type=1330 audit(1468234333.144:520):
> cap_used=0800
> [ 28.482080] a
On 07/11/16 15:25, Serge E. Hallyn wrote:
> Quoting Topi Miettinen (toiwo...@gmail.com):
>> There are many basic ways to control processes, including capabilities,
>> cgroups and resource limits. However, there are far fewer ways to find
>> out useful values for the limits, except blind trial and e
Quoting Topi Miettinen (toiwo...@gmail.com):
> There are many basic ways to control processes, including capabilities,
> cgroups and resource limits. However, there are far fewer ways to find
> out useful values for the limits, except blind trial and error.
>
> Currently, there is no way to know w
There are many basic ways to control processes, including capabilities,
cgroups and resource limits. However, there are far fewer ways to find
out useful values for the limits, except blind trial and error.
Currently, there is no way to know which capabilities are actually used.
Even the source co
Hi,
[auto build test ERROR on cgroup/for-next]
[also build test ERROR on v4.7-rc5]
[cannot apply to next-20160701]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Topi-Miettinen/capabilities-audi