Re: Proposal: CAP_PAYLOAD to reduce Meltdown and Spectre mitigation costs

From: Avi Kivity
Date: Sun Jan 07 2018 - 04:16:40 EST


On 01/06/2018 10:02 PM, Alan Cox wrote:
> > I propose to create a new capability, CAP_PAYLOAD, that allows the
> > system administrator to designate an application as the main workload in
> > that system. Other processes (like sshd or monitoring daemons) exist to
> > support it, and so it makes sense to protect the rest of the system from
> > their being compromised.
> Much more general would be to do this with cgroups both for group-group
> trust and group-kernel trust levels.


I think capabilities will work just as well with cgroups. The container manager will set CAP_PAYLOAD on payload containers; and if those run an init system or a container manager themselves, they'll drop CAP_PAYLOAD for all processes/sub-containers but their payloads.
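The propagation rule described in the reply (an init or container manager keeps the capability for its payload child and strips it from every other child) maps onto an existing kernel mechanism, the per-process capability bounding set, which is inherited across fork and can only shrink. The program below is an added example written for this page, not code from the thread or from any kernel patch. Because CAP_PAYLOAD is only a proposal and has no number in <linux/capability.h>, it uses CAP_NET_RAW as a stand-in (an assumption, clearly marked in the code); it assumes Linux, and the drop itself needs CAP_SETPCAP, so as an unprivileged user the helper child reports that the drop was refused rather than pretending it happened.

```c
/*
 * Added example, not part of the original thread: an init or container
 * manager that keeps a capability in its payload child's bounding set but
 * drops it from every other child before that child would exec its service.
 *
 * Assumption: CAP_PAYLOAD does not exist in the kernel, so CAP_NET_RAW
 * stands in for it. Dropping from the bounding set requires CAP_SETPCAP.
 */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/capability.h>

#define STAND_IN_CAP CAP_NET_RAW   /* placeholder for the proposed CAP_PAYLOAD */

/* 1 if cap is in the caller's bounding set, 0 if not, -1 (errno=EINVAL) if cap is invalid. */
int has_bounding_cap(int cap)
{
    return prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
}

/* Remove cap from the caller's bounding set. Returns 0 on success or -errno. */
int drop_bounding_cap(int cap)
{
    if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) != 0)
        return -errno;
    return 0;
}

/*
 * Fork one child. The payload child inherits the manager's bounding set
 * unchanged; any other child drops cap first, as the manager would do
 * before execve()-ing sshd, a monitoring daemon, or a nested container.
 * The child's exit code reports what happened:
 *   0 = cap absent from the child's bounding set
 *   1 = cap still present
 *   2 = drop refused (EPERM: caller lacks CAP_SETPCAP)
 *   3 = other error
 * Returns that exit code, or -1 if fork/waitpid failed.
 */
int spawn_child(int cap, int is_payload)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (!is_payload) {
            int rc = drop_bounding_cap(cap);
            if (rc == -EPERM)
                _exit(2);
            if (rc != 0)
                _exit(3);
        }
        /* A real manager would execve() the service here; we only report. */
        int present = has_bounding_cap(cap);
        _exit(present < 0 ? 3 : present);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("manager: cap in bounding set = %d\n", has_bounding_cap(STAND_IN_CAP));
    printf("payload: cap in bounding set = %d\n", spawn_child(STAND_IN_CAP, 1));
    int helper = spawn_child(STAND_IN_CAP, 0);
    if (helper == 2)
        printf("helper:  drop refused (needs CAP_SETPCAP; run as root to see it drop)\n");
    else
        printf("helper:  cap in bounding set = %d\n", helper);
    return 0;
}
```

Run as root (or with CAP_SETPCAP) the helper child reports 0 while the payload child still reports 1; unprivileged, the helper reports that the drop was refused. Note the caveat this exposes for the proposal as stated: the bounding set only ever shrinks, so a manager that has itself lost the capability cannot hand it to its payload, and a nested manager inside a payload container has to be started with the capability still in its set.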