Core scheduling
Core scheduling
Posted Mar 1, 2019 15:18 UTC (Fri) by smurf (subscriber, #17840)In reply to: Core scheduling by josh
Parent article: Core scheduling
Checking the user+group (which one? neither effective nor real UID+GID is sufficient when you have a setuid process you want to protect) is significantly more expensive than checking a single cookie for equality. In the scheduler, that matters.
Posted May 15, 2019 14:04 UTC (Wed)
by riel (subscriber, #3142)
[Link]
At this stage, it is hard to say exactly what the policy should look like.
Core scheduling
It might be possible to automatically create and set cookies based on things like UID + GID, in the same way that CONFIG_SCHED_AUTOGROUP automatically creates cgroups based on UID. That way the enforcement code only ever checks the single cookie.