Linux 5.7 To Support Spawning A Process In A Different Cgroup From Its Parent

  • Linux 5.7 To Support Spawning A Process In A Different Cgroup From Its Parent

    Phoronix: Linux 5.7 To Support Spawning A Process In A Different Cgroup From Its Parent

    An important infrastructure change with the Linux 5.7 kernel now allows the ability to create a process in a different cgroup from the parent process...

    http://www.phoronix.com/scan.php?pag...ne3-new-cgroup

  • #2
    Will this be secure?

    • #3
      Doesn't init/service managers already do this? I know that on OpenRC that I use all services have their own cgroup unified/v2 in /sys/fs/cgroup/<service>

      • #4
        Originally posted by Spam
        Doesn't init/service managers already do this? I know that on OpenRC that I use all services have their own cgroup unified/v2 in /sys/fs/cgroup/<service>

        The answer is unfortunately no. They are using a hack to generate the same results that can in fact have a race condition problem. This is finally providing a method that always works to do it.
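
The race-free spawn discussed in this thread, as an added example that is not part of the original posts or the kernel's own code: `clone3()` with the `CLONE_INTO_CGROUP` flag added in Linux 5.7 creates the child directly inside the target cgroup, instead of forking first and moving the child afterwards. The struct name `clone_args_v2` and the helper `spawn_into_cgroup` are names chosen here for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SYS_clone3
#define SYS_clone3 435                     /* fallback for older libc headers */
#endif
#ifndef CLONE_INTO_CGROUP
#define CLONE_INTO_CGROUP 0x200000000ULL   /* flag value from the Linux 5.7 UAPI */
#endif

/* Local mirror of the kernel's struct clone_args, 88-byte layout with "cgroup". */
struct clone_args_v2 {
    uint64_t flags, pidfd, child_tid, parent_tid, exit_signal;
    uint64_t stack, stack_size, tls, set_tid, set_tid_size, cgroup;
};

/* Start argv[0] as a child that belongs to the cgroup behind cgroup_fd from
 * the moment it exists. Returns the child's pid, or -1 with errno set. */
static pid_t spawn_into_cgroup(int cgroup_fd, char *const argv[])
{
    struct clone_args_v2 args = {
        .flags = CLONE_INTO_CGROUP,
        .exit_signal = SIGCHLD,
        .cgroup = (uint64_t)cgroup_fd,
    };
    long pid = syscall(SYS_clone3, &args, sizeof(args));
    if (pid == 0) {            /* child: already accounted to the target cgroup */
        execvp(argv[0], argv);
        _exit(127);            /* exec failed */
    }
    return (pid_t)pid;
}

int main(int argc, char **argv)
{
    if (argc < 3) { fprintf(stderr, "usage: %s <cgroup-dir> <cmd> [args]\n", argv[0]); return 2; }
    int fd = open(argv[1], O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0) { perror("open cgroup"); return 1; }
    pid_t pid = spawn_into_cgroup(fd, &argv[2]);
    if (pid < 0) { perror("clone3(CLONE_INTO_CGROUP)"); return 1; }
    waitpid(pid, NULL, 0);
    return 0;
}
```

On kernels older than 5.7, or where a seccomp filter blocks `clone3`, the call returns -1 with errno set. Placement is subject to the usual cgroup v2 restrictions on moving a process into a cgroup.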

        • #5
          Originally posted by TemplarGR
          Will this be secure?
          "Secure" with respect to what?

          What makes you think that this could impact security in any way in the first place?

          • #6
            Originally posted by intelfx

            "Secure" with respect to what?

            What makes you think that this could impact security in any way in the first place?
            If you don't understand that on your own, you are in no position to discuss this.

            • #7
              Originally posted by TemplarGR

              If you don't understand that on your own, you are in no position to discuss this.
              Public discussions don't work that way.

              • #8
                Originally posted by TemplarGR

                If you don't understand that on your own, you are in no position to discuss this.
                There are no stupid questions; only stupid people.

                • #9
                  Does this potentially allow e.g. Flatpak containers to create nested containers?

                  • #10
                    Originally posted by intelfx

                    "Secure" with respect to what?

                    What makes you think that this could impact security in any way in the first place?
                    Probably in the context of escaping a sandbox/container spawning in another cgroup 🤔
