Re: [PATCH] binfmt_elf: core dump masking support

[Kawai, Hidehiro]

Hi Pavel,
 
>>>Well, you can have it as set of 0-1 "limits"...
>>
>>I have come up with a similar idea of regarding the ulimit
>>value as a bitmask, and I think it may work.
>>But it will be confusable for users to add the new concept of
>>0-1 limitation into the traditional resouce limitation feature.
>>Additionaly, this approach needs a modification of each shell
>>command.
>>What do you think about these demerits?
> 
>>The /proc/<pid>/ approach doesn't have these demerits, and it
>>has an advantage that users can change the bitmask of any process
>>at anytime.
> 
> Well... not sure if it is advantage. 

For example, consider the following case:
  a process forks many children and system administrator wants to
  allow only one of these processes to dump shared memory.

This is accomplished as follows:

 $ echo 1 > /proc/self/coremask
 $ ./some_program
 (fork children)
 $ echo 0 > /proc/<a child's pid>/coremask

With the /proc/<pid>/ interface, we don't need to modify the
user program.  In contrast, with the ulimit or setrlimit interface,
the administrator can't do it without modifying the user program
to call setrlimit.  This will not be preferred.


> Semantics of ulimit inheritance
> are well given, for example. How is this going to be inherited?

The coremask setting is inherited in mm_init(), which is called
once as an extention of do_fork(), do_execve() or compat_do_execve().
Inheritance is done by copying the bitmask from current->mm->coremask.
However, if current->mm is NULL, the inherited bitmask is set to 0
(default value).

Best regards,
-- 
Hidehiro Kawai
Hitachi, Ltd., Systems Development Laboratory


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/