tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: RFC: New security model secmodel_securechroot(9)

On Sat, Jul 23, 2011 at 10:16:28PM +0300, Aleksey Cheusov wrote:
>  >>  >>      ·   Processor-set manipulation is not allowed.
>  >> 
>  >> > Please cross reference what you mean here (cpuctl(8), I take?)
>  >> No. schedctl(8).
>  >> CPU manipulations using cpuctl(8) is also not allowed.
> > Please make sure that it is clear that you mean the global scheduler
> > settings and not the pthread affinity flags.
> Could you please list all functions you'd like to see allowed
> (with argument if necessary)?

I think _sched_setparam, _sched_setaffinity and possible are the syscalls
involved. Same restrictions as ptrace if using with a different PID, no
real time priority inside chroot.


Home | Main Index | Thread Index | Old Index