Re: [PATCH 2/2] proc: Add /proc/<pid>/timerslack_ns interface

From: Kees Cook
Date: Thu Jul 14 2016 - 13:56:48 EST

Next message: David Long: "Re: [PATCH v15 00/10] arm64: Add kernel probes (kprobes) support"
Previous message: nwatters: "Re: [PATCH] iommu/iova: validate iova_domain input to put_iova_domain"
In reply to: Serge E. Hallyn: "Re: [PATCH 2/2] proc: Add /proc/<pid>/timerslack_ns interface"
Next in thread: Serge E. Hallyn: "Re: [PATCH 2/2] proc: Add /proc/<pid>/timerslack_ns interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 14, 2016 at 10:49 AM, Serge E. Hallyn <serge@xxxxxxxxxx> wrote:
> Kees, you said adding a capability is hard - can you expound on that?

Best I can find at the moment was discussion around CAP_COMPROMISE_KERNEL:
http://thread.gmane.org/gmane.linux.kernel/1459165

Basically, adding a new capability for an interface can create
userspace compatibility problems (though perhaps in this case, it's a
new interface, so a new capability would be okay, but it's such a
narrow use-case and CAP_SYS_NICE fits fine).

-Kees

--
Kees Cook
Chrome OS & Brillo Security

Next message: David Long: "Re: [PATCH v15 00/10] arm64: Add kernel probes (kprobes) support"
Previous message: nwatters: "Re: [PATCH] iommu/iova: validate iova_domain input to put_iova_domain"
In reply to: Serge E. Hallyn: "Re: [PATCH 2/2] proc: Add /proc/<pid>/timerslack_ns interface"
Next in thread: Serge E. Hallyn: "Re: [PATCH 2/2] proc: Add /proc/<pid>/timerslack_ns interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]