On Wed, 2016-12-07 at 08:37 +0100, Christian Ehrhardt wrote: > On Tue, Dec 6, 2016 at 5:40 PM, Jamie Strandboge <jamie@xxxxxxxxxxxxx> > wrote: > > > > > I forgot to reiterate: the above is true *unless* there is another > > non-DAC, non- > > MAC kernel mediation (eg, does the kernel only allow modifying the 'comm' > > value > > of its own threads? If so, then the rule would be safe to add to the > > default > > abstraction (though we should document that it is safe)). > > > Thanks for your help Jamie on thinking through the implications of this - I > really highly appreciate! > For the given interface the v2 should be safe see e.g. > http://man7.org/linux/man-pages/man5/proc.5.html > Quoting from there: "... A thread may modify *its* comm value, or that of > any of other thread *in the same thread group* ..." Thanks for investigating this. +1 on adding this it the libvirt-qemu abstraction: # Per man(5) proc, the kernel enforces that a thread may # only modify its comm value or those in its thread group. owner @{PROC}/@{pid}/task/@{tid}/comm rw, -- Jamie Strandboge | http://www.canonical.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
