Re: [RFC/RFT PATCH] cgroup: enable write permission for the group of users
From: Paul Menage
Date: Wed Feb 02 2011 - 02:57:58 EST
On Tue, Feb 1, 2011 at 5:27 PM, Ingo Molnar <mingo@xxxxxxx> wrote:
>
> Sure, many things can be worked around in user-space, but the question is, does the
> +g make sense as default cgroupfs permissions?

It's certainly arguable that group-writable permissions might have
made sense as the default when cgroupfs was first introduced. I don't
particularly think there was a strong argument either way, and this
was one of the semantics that was inherited from cpusets to simplify
backwards-compatibility.

But given the current default file mode, and given that the default
gid for a cgroupfs file is 0, any cgroups controller in user-space
that wants to make it group-accessible needs to chown() the file to
set the group appropriately. So doing an additional chmod() is really
no significant amount of extra work/code. Since any kernel from the
last four years will have cgroupfs files that default to mode 644,
even if we change the default mode to 664 said controller will need to
include the chmod code in case it's running on an older kernel. So I
don't see a real benefit in changing the default, and there's always
the slight chance of introducing a security hole in a controller that
assumes the 644 default.
Paul
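
The explicit chown()-then-chmod() step described in the message above, as an added example that is not part of the original e-mail or of any existing controller. The names `grant_group_write` and `demo_resulting_mode` are hypothetical, and a temporary file forced to mode 0644 stands in for a cgroupfs control file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: give `path` to group `gid` at mode 0664; 0 on success. */
int grant_group_write(const char *path, gid_t gid)
{
    struct stat st;
    int rc = -1;
    /* O_NOFOLLOW: fail if the final path component is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Work on the descriptor so the file checked is the file changed. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        /* Group first, so g+w only ever reaches the intended group. */
        fchown(fd, (uid_t)-1, gid) == 0 && fchmod(fd, 0664) == 0 &&
        /* Confirm the result instead of assuming a kernel default. */
        fstat(fd, &st) == 0 && st.st_gid == gid &&
        (st.st_mode & 07777) == 0664)
        rc = 0;
    close(fd);
    return rc;
}

/* Constructed stand-in for a control file; returns mode bits after delegation. */
int demo_resulting_mode(void)
{
    char path[] = "/tmp/cgroup-demo-XXXXXX";
    struct stat st;
    int rc = -1, fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0644) == 0 && grant_group_write(path, getegid()) == 0 &&
        fstat(fd, &st) == 0)
        rc = (int)(st.st_mode & 07777);
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("mode after delegation: %o\n", (unsigned)demo_resulting_mode());
    return 0;
}
```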