[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: RFC: New security model secmodel_securechroot(9)
On Sat, Jul 23, 2011 at 10:16:28PM +0300, Aleksey Cheusov wrote:
> >> >> · Processor-set manipulation is not allowed.
> >> > Please cross reference what you mean here (cpuctl(8), I take?)
> >> No. schedctl(8).
> >> CPU manipulations using cpuctl(8) is also not allowed.
> > Please make sure that it is clear that you mean the global scheduler
> > settings and not the pthread affinity flags.
> Could you please list all functions you'd like to see allowed
> (with argument if necessary)?
I think _sched_setparam, _sched_setaffinity and possible are the syscalls
involved. Same restrictions as ptrace if using with a different PID, no
real time priority inside chroot.
Main Index |
Thread Index |