What it's for

Posted Nov 7, 2007 21:59 UTC (Wed) by samroberts (guest, #46749)
In reply to: What it's for by corbet
Parent article: Process IDs in a multi-namespace world

OK, that could be useful, maybe.

But don't the many flavors of LSM we've seen endlessly discussed solve 
the problem of what processes can do, and to whom?

Containers to associate processes together to be managed as a group 
strategy (scheduling priority, permissions, etc) makes sense to me, but 
doesn't seem to need pid hiding.

Just making processes invisible to each other by pid seems a bit fishy as 
a security mechanism. It reminds me of using chroot for security, which 
seems to be in disrepute:

Or is it more just lightweight virtualization?

What it's for

Posted Nov 8, 2007 0:45 UTC (Thu) by i3839 (guest, #31386)

There are quite a lot of system calls taking a pid as argument, so isolating processes' pids has
the effect of containing those calls. To name a couple important ones, ptrace(2) and kill(2).
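
An added illustration of the containment described in the comment above (not part of the original thread, and not code from the kernel patches under discussion): a process placed in a new PID namespace calls kill(2) with a pid number from the outer namespace and gets ESRCH, because that number does not resolve inside its namespace. The function name `pidns_contains_kill` is hypothetical, and the use of an unprivileged user namespace to avoid needing root is an assumption about the host's configuration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER            /* fallbacks if <sched.h> did not expose them */
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWPID
#define CLONE_NEWPID 0x20000000
#endif

/* 1: a pid from the outer namespace is unreachable inside the new one (ESRCH)
 * 0: it was still reachable; -1: namespaces unavailable here (e.g. EPERM). */
int pidns_contains_kill(void)
{
    int st;
    pid_t helper = fork();
    if (helper < 0) return -1;
    if (helper == 0) {
        pid_t target = getpid();          /* helper's pid, outer-namespace view */
        /* Sanity: resolvable before unshare; pid 1 would alias the new init. */
        if (target == 1 || kill(target, 0) != 0) _exit(2);
        /* User namespace so root is not required; NEWPID applies to children. */
        if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWPID) != 0) _exit(2);
        pid_t inner = fork();             /* becomes pid 1 of the new namespace */
        if (inner < 0) _exit(2);
        if (inner == 0) {
            /* Signal 0 only checks existence/permission; nothing is delivered. */
            int r = kill(target, 0);
            _exit(r == -1 && errno == ESRCH ? 0 : 1);
        }
        if (waitpid(inner, &st, 0) < 0 || !WIFEXITED(st)) _exit(2);
        _exit(WEXITSTATUS(st));
    }
    if (waitpid(helper, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    if (WEXITSTATUS(st) == 2) return -1;
    return WEXITSTATUS(st) == 0;
}

int main(void)
{
    int r = pidns_contains_kill();
    printf("%s\n", r == 1 ? "contained: kill() got ESRCH" :
                   r == 0 ? "not contained" : "could not create namespaces");
    return r == 0;
}
```

The containment runs one way only: the helper, which stays in the outer namespace, can still see and signal the inner process by its outer pid.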
