[Ksummit-discuss] [CORE TOPIC] Kernel tinification: shrinking the kernel and avoiding size regressions
Mark Brown
broonie at sirena.org.uk
Sat May 3 01:21:58 UTC 2014
On Fri, May 02, 2014 at 05:08:51PM -0400, Dave Jones wrote:
> On Fri, May 02, 2014 at 02:03:40PM -0700, Mark Brown wrote:
> > That works for specific processes but I don't immediately see a
> > straightforward way to do it system wide (I guess a wrapper that straces
> > init and children might do the trick but it's not particularly nice).
> > Part of the trick for getting the general security win is to lower the
> > barrier to entry.`
> Sounds like something you could use tracepoints for maybe ?
> Failing that, kprobes ?
Tracepoints do run the risk of overflowing the buffer if run for too
long but if it's the only thing running and/or is monitored that should
be OK, it's more managable than strace. kprobes should definitely work
I think if there's a suitably canned way of setting it up.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/ksummit-discuss/attachments/20140502/ac92ecf0/attachment.sig>
More information about the Ksummit-discuss
mailing list