[PATCH] pkeys: Introduce PKEY_ALLOC_SIGNALINHERIT and change signal semantics
Florian Weimer
fweimer at redhat.com
Tue May 15 01:34:07 AEST 2018
On 05/14/2018 05:32 PM, Andy Lutomirski wrote:
>
>
>
>> On May 14, 2018, at 5:01 AM, Florian Weimer <fweimer at redhat.com> wrote:
>>
>>> One thing we could do, though: the current initual state on process
>>> creation is all access blocked on all keys. We could change it so that
>>> half the keys are fully blocked and half are read-only. Then we could add
>>> a PKEY_ALLOC_STRICT or similar that allocates a key with the correct
>>> initial state*and* does the setsignal thing. If there are no keys left
>>> with the correct initial state, then it fails.
>>
>> The initial PKRU value can currently be configured by the system administrator. I fear this approach has too many moving parts to be viable.
>>
>>
>
> Honestly, I think we should drop that option. I don’t see how we can expect an administrator to do this usefully.
I don't disagree—it makes things way less predictable in practice.
Thanks,
Florian
More information about the Linuxppc-dev
mailing list