Hi everyone, I'm working with SELinux and cgroups to implement SELinux on cgroups file. This is expected to improve cgroups security. But i'm having a confusion identifying the possible vulnerabilities of current cgroups DAC check and what need to be improved. I know the cgroup interface is the filesystem. But how this can be the drawback of current implementation. I mean how hackers may use this to attack the system. Tejun Heo said that the biggest issue with cgroup is the ability for non-root users to gain access to the raw kernel control knobs. anyone you explain more about this? Thank you very much. -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
