Re: [RFC, PATCH] pagemap: do not leak physical addresses to non-privileged userspace

From: Dave Hansen
Date: Mon Mar 09 2015 - 22:36:23 EST

Next message: Felipe Balbi: "Re: [PATCH] drivers: usb: gadget: udc: Fix NULL dereference"
Previous message: Hanjun Guo: "Re: [PATCH v9 01/21] ACPI / table: Use pr_debug() instead of pr_info() for MADT table scanning"
In reply to: Andy Lutomirski: "Re: [RFC, PATCH] pagemap: do not leak physical addresses to non-privileged userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/09/2015 05:19 PM, Andy Lutomirski wrote:
> per-pidns like this is no good. You shouldn't be able to create a
> non-paranoid pidns if your parent is paranoid.

That sounds like a reasonable addition that shouldn't be hard to add.

> Also, at some point we need actual per-ns controls. This mount option
> stuff is hideous.

So,

per-pidns == bad
per-ns == good

If the pid namespace is the wrong place, which namespace is the right place?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Felipe Balbi: "Re: [PATCH] drivers: usb: gadget: udc: Fix NULL dereference"
Previous message: Hanjun Guo: "Re: [PATCH v9 01/21] ACPI / table: Use pr_debug() instead of pr_info() for MADT table scanning"
In reply to: Andy Lutomirski: "Re: [RFC, PATCH] pagemap: do not leak physical addresses to non-privileged userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]