Re: [PATCH] [request for inclusion] Realtime LSM

From: Will Dyson (will.dyson_at_gmail.com)
Date: 01/14/05

    Date:	Fri, 14 Jan 2005 04:21:33 -0500
    To: Nick Piggin <nickpiggin@yahoo.com.au>
    
    

    On Fri, 14 Jan 2005 14:31:21 +1100, Nick Piggin <nickpiggin@yahoo.com.au> wrote:
     
    > It sounds to me like both your proposals may be too complex and not
    > sufficiently deterministic (I don't know for sure, maybe that's
    > exactly what the RT people want).
    >
    > I wouldn't have thought it is so much a matter of having real-time-ish
    > scheduling available that tries to play nicely in a multi user machine.
    > That must still imply that either the user is able to unduly tie up
    > resources (and thus it has to be a privileged operation), or that it
    > sometimes can't meet its "guarantees" (in which case, is it useful?).

    The VM system with overcommit is in a similar pickle. It can't honor
    the "guarantees" it makes. Yet, I think it is in wide use. Overcommit
    is a useful behavior for many people, despite the fact that it allows
    any user to turn loose the oom_killer on the system.

    So I think many people would also find a best-effort-at-realtime
    SCHED_ISO type thing pretty useful, even if it allowed unprivileged
    users to tie up resources (while protecting the system from DOS).
    Heck, we don't have to allow unprivileged users to tie up resources.
    SCHED_ISO use could be limited to members of a certain group, possibly
    implemented using some sort of LSM module... :)

    Of course, suggesting that access to SCHED_ISO be limited pretty much
    admits that running processes as SCHED_ISO should be a privileged
    operation, like accessing /dev/dsp (a privilege that is granted
    through group membership on most desktops).

    > I was thinking that the solution might be more along the lines of
    > a nice way to handle privileges for these guys.

    A nice, flexible way to hand out scheduler (and perhaps other)
    privileges would be... nice. Are you thinking of something more
    fine-grained than per-user?

    -- 
    Will Dyson
    
