Re: encrypted swap [was: The disappearing sys_call_table export.]

Yoav Weiss (ml-lkml@unpatched.org)
Wed, 14 May 2003 18:20:06 +0300 (IDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Richard B. Johnson: "Re: Digital Rights Management - An idea (limited lease, renting,"
Previous message: Martin J. Bligh: "[Bug 717] New: Laptop keyboard doesn't work"

> > Do you see more options ?
> > Anyway, it should probably be policy controlled.
>
> These are all very good options, ofcourse things get hairy don't they :)

Certainly. Option 3 certainly doesn't have to be implemented in the first
version :)
In fact, the first version could ignore the core dump issue and setrlimit
will be used to avoid core dumps of sensitive processes. In the future,
it can be handled more gracefully.

> Perhaps in the beginning either 1, 2 and 4 as per a system wide dump
> policy. May be even a setrlimit extension and use that as a jump point to
> make a per user policy?

Makes sense. Only when 3 is implemented, a special /proc interface is
required. For everything else, setrlimit will suffice.

>
> Cheers,
>
> Ahmed.
>

Bye,
Yoav

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard B. Johnson: "Re: Digital Rights Management - An idea (limited lease, renting,"
Previous message: Martin J. Bligh: "[Bug 717] New: Laptop keyboard doesn't work"