On Wed, Apr 16, 2014 at 01:24:32PM -0700, Andy Lutomirski wrote: [..] > I'm not talking about the risk that someone learns someone's cgroup. > I'm talking about the risk that a malicious program can get a lot > entry like: "whatever planted text" > _SYSTEMD_UNIT=non-malicious.service. That is, they've spoofed a log > line. > > If you don't care about spoofing of log lines, then there's no point > to having the kernel validate them anyway. What's wrong with this. A message came from a cgroup which maps to a unit xyz and it got logged. I can't see what's wrong here. Anyway that message will get logged with unit information. These patches will just make getting unit information race free and more reliable. Thansk Vivek -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
