Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACVxJT-R-+Nji5Cu_by1phJSSor_fT2_Pwtn24vpK49PZ_LHEg@mail.gmail.com>
Date: Wed, 6 Jul 2011 14:25:33 +0300
From: Alexey Dobriyan <adobriyan@...il.com>
To: Vasiliy Kulikov <segoon@...nwall.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, 
	kernel-hardening@...ts.openwall.com, Greg Kroah-Hartman <gregkh@...e.de>, 
	"David S. Miller" <davem@...emloft.net>, Arnd Bergmann <arnd@...db.de>, 
	linux-security-module@...r.kernel.org
Subject: Re: [RFC 0/5 v4] procfs: introduce hidepid=, hidenet=, gid= mount options

On Wed, Jun 29, 2011 at 10:16 PM, Vasiliy Kulikov <segoon@...nwall.com> wrote:
>>     mount -t proc -o "pid_allow=exe,status,comm,oom_*" proc /proc
>
> Does this scheme make sense?  Should I rensend the patch with these
> architecture?
>
> pid_allow=, tid_allow=, attr_allow= and watch_gid= or smth like that.

Wildcards are scary, can we please not do them from the beginning.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.