Hello, On Mon, Jan 13, 2014 at 09:01:46AM +0100, Jan Kaluza wrote: > this patchset against net-next (applies also to linux-next) adds 3 new types > of "Socket"-level control message (SCM_AUDIT, SCM_PROCINFO and SCM_CGROUP). > > Server-like processes in many cases need credentials and other > metadata of the peer, to decide if the calling process is allowed to > request a specific action, or the server just wants to log away this > type of information for auditing tasks. > > The current practice to retrieve such process metadata is to look that > information up in procfs with the $PID received over SCM_CREDENTIALS. > This is sufficient for long-running tasks, but introduces a race which > cannot be worked around for short-living processes; the calling > process and all the information in /proc/$PID/ is gone before the > receiver of the socket message can look it up. > > Changes introduced in this patchset can also increase performance > of such server-like processes, because current way of opening and > parsing /proc/$PID/* files is much more expensive than receiving these > metadata using SCM. Closing the race sounds like a good idea to me. What do net people think? Thanks. -- tejun _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
