Hello, On Mon, Nov 04, 2013 at 09:51:35PM +0000, Serge E. Hallyn wrote: > Do you have a list of such issues which you see with delegation? That is, > cases where, if ownership of a subtree is granted to a non-root user, > that user can affect tasks owned by other users who are in other > cgroups? A lot of security is about logistics and cgroup simply doesn't have them - depth, number of cgroups quota, even config changes or subdirectory operations which involve RCU operations can easily be used for DoS attacks. Just think about how much complexity and effort need to be spent on making and maintaining anything properly delegatable to !priv users. cgroup has never spent such design or implementation effort - e.g. take a look at how event_control thing is implemented, it's extremely easy to trigger OOM if you give that out to !priv users. cgroup has *never* been safe to give out to !priv users and it is highly unlikely to be in any foreseeable future. It will be a big new giant feature which I frankly don't think is worth the risk or effort. Think of it as giving out sysctl or firewall rule control to !priv users. Giving out subset of those controls do make sense in terms of function but we don't do that and don't have infrastructure to support such usage. cgroup at this stage isn't that different. If you insist on doing that, you can but it is severely compromising in terms of security and it'll stay that way for the foreseeable future. Thanks. -- tejun _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
