Re: [RFC] Expose request_module via syscall

From: Andy Lutomirski
Date: Fri Sep 24 2021 - 19:04:45 EST

Next message: Kirill A. Shutemov: "Re: Mapcount of subpages"
Previous message: Andy Lutomirski: "Re: [PATCH 5/8] x86/mmu: Add mm-based PASID refcounting"
In reply to: Christian Brauner: "Re: [RFC] Expose request_module via syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/24/21 06:19, Christian Brauner wrote:

On Wed, Sep 22, 2021 at 01:06:49PM -0700, Andy Lutomirski wrote:

I just meant that the programs in the container can see the modules
available on the host. Simplest thing could be bind-mounting in the
host's module folder with suitable protection (locked read-only mount).
But yeah, it can likely be as simple as allowing it to ask for a module
and not bother telling it about what is available.

If the container gets to see host modules, interesting races when containers are migrated CRIU-style will result.

Next message: Kirill A. Shutemov: "Re: Mapcount of subpages"
Previous message: Andy Lutomirski: "Re: [PATCH 5/8] x86/mmu: Add mm-based PASID refcounting"
In reply to: Christian Brauner: "Re: [RFC] Expose request_module via syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]