On Sat 2018-01-06 21:33:28, Avi Kivity wrote:
> Meltdown and Spectre mitigations focus on protecting the kernel from a
> hostile userspace. However, it's not a given that the kernel is the most
> important target in the system. It is common in server workloads that a
> single userspace application
On 1/6/2018 11:33 AM, Avi Kivity wrote:
> Meltdown and Spectre mitigations focus on protecting the kernel from a
> hostile userspace. However, it's not a given that the kernel is the most
> important target in the system. It is common in server workloads that a
> single userspace application con
On Sun, Jan 07, 2018 at 02:51:59PM +0200, Avi Kivity wrote:
>
> I don't see the connection. The browser wouldn't run with CAP_PAYLOAD set.
>
> In a desktop system, only init retains CAP_PAYLOAD.
>
> On a server that runs one application (and some supporting processes), only
> init and that one a
On Sun, Jan 07, 2018 at 11:14:21AM +0200, Avi Kivity wrote:
> CAP_RAWIO is like CAP_PAYLOAD in that both allow you to read stuff you
> shouldn't have access to on a vulnerable CPU. But CAP_PAYLOAD won't give you
> that access on a non-vulnerable CPU, so it's safer.
But it's still a wider surface f
On Sun, Jan 07, 2018 at 02:36:28PM +, Alan Cox wrote:
> What I struggle to see is why I'd want to nominate specific processes for
> this except in very special cases (like your packet generator). Even then
> it would make me nervous as the packet generator if that trusted is
> effectively CAP_S
On 01/07/2018 04:36 PM, Alan Cox wrote:
I'm interested in participating in working on such a solution, given
that haproxy is severely impacted by "pti=on" and that for now we'll
have to run with "pti=off" on the whole system until a more suitable
solution is found.
I'm still trying to work out
> I'm interested in participating in working on such a solution, given
> that haproxy is severely impacted by "pti=on" and that for now we'll
> have to run with "pti=off" on the whole system until a more suitable
> solution is found.
I'm still trying to work out what cases there are for this. I ca
On 01/07/2018 02:29 PM, Theodore Ts'o wrote:
On Sun, Jan 07, 2018 at 11:16:28AM +0200, Avi Kivity wrote:
I think capabilities will work just as well with cgroups. The container
manager will set CAP_PAYLOAD to payload containers; and if those run an init
system or a container manager themselves
07.01.2018, 15:29, "Theodore Ts'o":
> On Sun, Jan 07, 2018 at 11:16:28AM +0200, Avi Kivity wrote:
>> I think capabilities will work just as well with cgroups. The container
>> manager will set CAP_PAYLOAD to payload containers; and if those run an init
>> system or a container manager themsel
On Sun, Jan 07, 2018 at 11:16:28AM +0200, Avi Kivity wrote:
> I think capabilities will work just as well with cgroups. The container
> manager will set CAP_PAYLOAD to payload containers; and if those run an init
> system or a container manager themselves, they'll drop CAP_PAYLOAD for all
> process
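The container-manager argument above rests on how a capability survives (or does not survive) an execve once the parent has dropped it. The following is an added example, not code from this thread, from the CAP_PAYLOAD RFC or from the kernel: it models the execve capability transformation exactly as documented in capabilities(7) with a hypothetical CAP_PAYLOAD bit (bit 40 is an assumption; no such capability exists), and walks through three cases: init dropping the bit before execing a helper such as sshd, a container manager that keeps it and starts the payload, and a manager that drops it from the bounding set only and leaves it in its inheritable set.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical bit for the proposed CAP_PAYLOAD; not a real Linux capability. */
#define CAP_PAYLOAD_BIT 40
#define CAP_BIT(n) (UINT64_C(1) << (n))

typedef struct {                      /* a thread's capability sets */
    uint64_t permitted, effective, inheritable, bounding, ambient;
} capsets;

typedef struct {                      /* a binary's file capabilities */
    uint64_t permitted, inheritable;
    bool effective;
} filecaps;

/* execve transformation from capabilities(7) (set-UID binaries not modelled):
 *   P'(ambient)   = privileged file ? 0 : P(ambient)
 *   P'(permitted) = (P(inh) & F(inh)) | (F(perm) & P(bounding)) | P'(ambient)
 *   P'(effective) = F(effective) ? P'(permitted) : P'(ambient)
 * Note that the bounding set masks only the F(permitted) path. */
capsets exec_transform(capsets p, filecaps f) {
    capsets n;
    bool privileged = (f.permitted | f.inheritable) != 0;
    n.ambient = privileged ? 0 : p.ambient;
    n.permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bounding) | n.ambient;
    n.effective = f.effective ? n.permitted : n.ambient;
    n.inheritable = p.inheritable;
    n.bounding = p.bounding;
    return n;
}

/* What a careful init/container manager does: clear the bit from every set. */
capsets drop_cap_everywhere(capsets p, int bit) {
    uint64_t mask = ~CAP_BIT(bit);
    p.bounding &= mask; p.permitted &= mask; p.effective &= mask;
    p.inheritable &= mask; p.ambient &= mask;
    return p;
}

/* PR_CAPBSET_DROP alone: removes from the bounding set, leaves inheritable as is. */
capsets drop_bounding_only(capsets p, int bit) {
    p.bounding &= ~CAP_BIT(bit);
    return p;
}

bool has_cap(uint64_t set, int bit) { return (set & CAP_BIT(bit)) != 0; }

static const capsets init_with_payload = {
    .permitted = CAP_BIT(CAP_PAYLOAD_BIT), .effective = CAP_BIT(CAP_PAYLOAD_BIT),
    .inheritable = CAP_BIT(CAP_PAYLOAD_BIT), .bounding = ~UINT64_C(0), .ambient = 0 };

/* Case 1: init drops CAP_PAYLOAD everywhere, then execs a helper (say sshd) whose
 * file caps ask for CAP_PAYLOAD in permitted+effective. Expect: helper lacks it. */
bool helper_after_init_drop_has_payload(void) {
    capsets init = drop_cap_everywhere(init_with_payload, CAP_PAYLOAD_BIT);
    filecaps helper = { .permitted = CAP_BIT(CAP_PAYLOAD_BIT), .inheritable = 0, .effective = true };
    return has_cap(exec_transform(init, helper).effective, CAP_PAYLOAD_BIT);
}

/* Case 2: the container manager keeps CAP_PAYLOAD and starts the payload binary,
 * whose file caps ask for it. Expect: payload has it. */
bool payload_started_by_manager_has_payload(void) {
    filecaps payload = { .permitted = CAP_BIT(CAP_PAYLOAD_BIT), .inheritable = 0, .effective = true };
    return has_cap(exec_transform(init_with_payload, payload).effective, CAP_PAYLOAD_BIT);
}

/* Case 3: the manager only did PR_CAPBSET_DROP and left the bit in its inheritable
 * set; the helper binary carries CAP_PAYLOAD in its file inheritable set.
 * Expect: the helper still gets it, via the P(inh) & F(inh) path. */
bool inheritable_path_bypasses_bounding_drop(void) {
    capsets mgr = drop_bounding_only(init_with_payload, CAP_PAYLOAD_BIT);
    filecaps helper = { .permitted = 0, .inheritable = CAP_BIT(CAP_PAYLOAD_BIT), .effective = true };
    return has_cap(exec_transform(mgr, helper).effective, CAP_PAYLOAD_BIT);
}

int main(void) {
    printf("helper after full drop has CAP_PAYLOAD: %d\n", helper_after_init_drop_has_payload());
    printf("payload started by manager has CAP_PAYLOAD: %d\n", payload_started_by_manager_has_payload());
    printf("helper via inheritable path after bounding-only drop: %d\n",
           inheritable_path_bypasses_bounding_drop());
    return 0;
}
```

The third case is the one to keep in mind for the "wider surface" concern raised elsewhere in the thread: dropping a capability from the bounding set does not remove it from the inheritable set, so a manager that wants no descendant to hold the bit has to clear it from its inheritable (and ambient) sets as well, not just call PR_CAPBSET_DROP.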
On 01/06/2018 10:02 PM, Alan Cox wrote:
I propose to create a new capability, CAP_PAYLOAD, that allows the
system administrator to designate an application as the main workload in
that system. Other processes (like sshd or monitoring daemons) exist to
support it, and so it makes sense to protect
On 01/06/2018 10:24 PM, Willy Tarreau wrote:
Hi Avi,
On Sat, Jan 06, 2018 at 09:33:28PM +0200, Avi Kivity wrote:
Meltdown and Spectre mitigations focus on protecting the kernel from a
hostile userspace. However, it's not a given that the kernel is the most
important target in the system. It i
Hi Avi,
On Sat, Jan 06, 2018 at 09:33:28PM +0200, Avi Kivity wrote:
> Meltdown and Spectre mitigations focus on protecting the kernel from a
> hostile userspace. However, it's not a given that the kernel is the most
> important target in the system. It is common in server workloads that a
> single
> I propose to create a new capability, CAP_PAYLOAD, that allows the
> system administrator to designate an application as the main workload in
> that system. Other processes (like sshd or monitoring daemons) exist to
> support it, and so it makes sense to protect the rest of the system from
>
Meltdown and Spectre mitigations focus on protecting the kernel from a
hostile userspace. However, it's not a given that the kernel is the most
important target in the system. It is common in server workloads that a
single userspace application contains the valuable data on a system, and
if it