Announcement

Collapse
No announcement yet.

Linux 5.7 To Support Spawning A Process In A Different Cgroup From Its Parent

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • #1

    Linux 5.7 To Support Spawning A Process In A Different Cgroup From Its Parent

    Phoronix: Linux 5.7 To Support Spawning A Process In A Different Cgroup From Its Parent

    An important infrastructure change with the Linux 5.7 kernel now allows the ability to create a process in a different cgroup from the parent process...

    Linux 5.7 To Support Spawning A Process In A Different Cgroup From Its Parent - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=Linux-5.7-clone3-new-cgroup
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    Will this be secure?

    Comment

    • #3
      Doesnt init/service managers already do this? I know that on OpenRC that I use all services has their own cgroup unified/v2 in /sys/fs/cgroup/<service>

      Comment

      • #4
        Originally posted by Spam View Post
        Doesnt init/service managers already do this? I know that on OpenRC that I use all services has their own cgroup unified/v2 in /sys/fs/cgroup/<service>

        The answer is unfortunately no. They are using a hack to generate the same results that can in fact have a race condition problem. This is finally providing a method that always works todo it.
        • Likes 10

        Comment

        • #5
          Originally posted by TemplarGR View Post
          Will this be secure?
          "Secure" with respect to what?

          What makes you think that this could impact security in any way in the first place?
          • Likes 3

          Comment

          • #6
            Originally posted by intelfx View Post

            "Secure" with respect to what?

            What makes you think that this could impact security in any way in the first place?
            If you don't understand that by your own, you are in no position to discuss this.
            • Likes 2

            Comment

            • #7
              Originally posted by TemplarGR View Post

              If you don't understand that by your own, you are in no position to discuss this.
              Public discussions don't work that way.
              • Likes 14

              Comment

              • #8
                Originally posted by TemplarGR View Post

                If you don't understand that by your own, you are in no position to discuss this.
                There are no stupid questions; only stupid people.
                • Likes 8

                Comment

                • #9
                  Does this potentially allow e.g flatpak containers to create nested containers?
                  • Likes 1

                  Comment

                  • #10
                    Originally posted by intelfx View Post

                    "Secure" with respect to what?

                    What makes you think that this could impact security in any way in the first place?
                    Probably in the context of escaping a sandbox/container spawning in another cgroup 🤔
                    • Likes 1

                    Comment

                    Previous 1 2 3 template Next
                    Working...
                    X