Re: 2.6.11-rc3-mm2

[Matt Mackall]

On Fri, Feb 11, 2005 at 06:49:05PM +0100, Ingo Molnar wrote:
> 
> * Matt Mackall <mpm@xxxxxxxxxxx> wrote:
> 
> > > > Yes. There's also the whole soft limit thing.
> > > 
> > > i'm curious, how does this 'per-app' rlimit thing work? If a user has
> > > jackd installed and runs it from X unprivileged, how does it get the
> > > elevated rlimit?
> > 
> > It needs a setuid launcher. It would be nice to be able to elevate the
> > rlimits of running processes but the API doesn't exist yet.
> 
> With a setuid launcher you need _zero_ kernel help to get SCHED_FIFO: if
> you have a launcher then already today it can just give SCHED_FIFO to
> jackd and be done with it!

I'm sure you know all this already but I'll spell it out so we're all
clear:

a) rlimits are tracked per-process so they're fundamentally
per-process
b) there are hard and soft limits, with soft always <= hard
c) only root can raise hard rlimits, but normal users can lower them
d) if a user owns a process, he can gain the privileges of that process
by various means, so in the strict sense per-process privileges are
meaningless - all privileges are per-uid
e) so we either need to segregate all privileged processes into
separate uid domains
f) or we're assuming non-malicious users and soft limits are
sufficient.

Now I suspect we don't want to insist people do (e) (though I'd
certainly encourage them to try).

Don't forget that the rlimits approach allows us to reserve the
highest priorities for root. I'm pretty sure an effective watchdog
policy can thus be implemented in userspace, which RT-LSM can't really
offer.

-- 
Mathematics is the supreme nostalgia of our time.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/