Re: [PATCH 18/19] sched: prctl() core-scheduling interface

From: Joel Fernandes
Date: Tue Jun 15 2021 - 07:32:14 EST


On Mon, Jun 14, 2021 at 7:36 PM Josh Don <joshdon@xxxxxxxxxx> wrote:
>
> On Thu, Apr 22, 2021 at 5:36 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> >
> > From: Chris Hyser <chris.hyser@xxxxxxxxxx>
> >
> > This patch provides support for setting and copying core scheduling
> > 'task cookies' between threads (PID), processes (TGID), and process
> > groups (PGID).
>
> [snip]
>
> Internally, we have lots of trusted processes that don't have a
> security need for coresched cookies. However, these processes could
> still decide to create cookies for themselves, which will degrade
> machine capacity and performance for other jobs on the machine.
>
> Any thoughts on whether it would be desirable to have the ability to
> restrict use of SCHED_CORE_CREATE? Perhaps a new SCHED_CORE capability
> would be appropriate?

Hi,
Maybe a capability may not work because then other users who don't
care for the issue you mention will be required to manage/assign the
capability as well?

How about you use seccomp to filter the prctl based on the PID and
CREATE command?

-Joel
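Joel's seccomp suggestion worked through, as an added example that is not part of this thread or of the kernel patch: a seccomp-bpf filter (Linux, C) that makes prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, ...) fail with EPERM for the installing thread and everything it later forks or execs, while leaving the other PR_SCHED_CORE commands and all other prctl options untouched. It assumes the uapi names PR_SCHED_CORE (62) and PR_SCHED_CORE_CREATE (1) from linux/prctl.h, with fallback defines for older headers, and an x86_64 or aarch64 build.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#ifndef PR_SCHED_CORE   /* uapi/linux/prctl.h, Linux >= 5.14; fallback for older headers */
#define PR_SCHED_CORE        62
#define PR_SCHED_CORE_CREATE 1
#endif
#if defined(__x86_64__)
#define SECCOMP_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#else
#error "set SECCOMP_ARCH to this architecture's AUDIT_ARCH_* value"
#endif
/* Load the low 32 bits of a seccomp_data field; enough to match these small constants. */
#define LOAD(field) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
static struct sock_filter deny_core_create[] = {
    LOAD(arch),                                                      /* 0 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0),         /* 1: ABI ok -> 3 */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),             /* 2: wrong ABI */
    LOAD(nr),                                                        /* 3 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_prctl, 0, 5),           /* 4: not prctl -> 10 */
    LOAD(args[0]),                                                   /* 5: prctl option */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PR_SCHED_CORE, 0, 3),        /* 6: other option -> 10 */
    LOAD(args[1]),                                                   /* 7: core-sched command */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PR_SCHED_CORE_CREATE, 0, 1), /* 8: other command -> 10 */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),            /* 9: CREATE refused */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),                    /* 10 */
};
/* Install the filter for the calling thread; returns 0, or -1 with errno set. */
int install_deny_sched_core_create(void)
{
    struct sock_fprog prog = { .len = 11, .filter = deny_core_create };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)   /* required without CAP_SYS_ADMIN */
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
}
int main(void)
{
    if (install_deny_sched_core_create() != 0) { perror("seccomp"); return 1; }
    /* Creating a cookie for the calling thread (type 0 == PIDTYPE_PID) now fails with EPERM. */
    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0, 0, 0) == -1 && errno == EPERM)
        puts("PR_SCHED_CORE_CREATE blocked by seccomp");
    return 0;
}
```

The jt/jf operands of BPF_JUMP are offsets relative to the following instruction, which is what the index comments track. A job launcher installs this before exec(), and the filter is then inherited by every thread and child of the job.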