RFC: Constrain driver processes with cgroups #54
Labels: type: discussion (Issue that can be resolved with discussion); type: enhancement (new feature or request); type: security (Issue related to Security)
Given drivers hold the potential to introduce potentially untrusted code, it may be worth adding some more guard rails around their operation. A tool that seems like an obvious choice is cgroups.
At a minimum, this would allow resources available to driver processes to be limited and divided as appropriate. Network traffic could also be tagged to enable external filtering and prevent loopback access to internal services.
What I'm not sure of is if these are assignable when already inside a container without needing privileged access to the host, which is undesirable and in some environments potentially not possible at all. I'll check this next week unless anyone else can clarify first.
If this can be used, can anyone think of reasons why it should be implemented?
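The two open points above (can a process already inside a container create sub-cgroups without host privileges, and how would per-driver limits be applied) can be probed from the supervising process itself. The following is an added example, not code from this issue or the project: it assumes a cgroup v2 (unified) hierarchy mounted at /sys/fs/cgroup, and it reads the real cgroup v2 files (cgroup.controllers, cgroup.subtree_control, cgroup.procs, cpu.max, memory.max, pids.max). The cgroup names "supervisor" and "driver-example", the limit values and the driver command are constructed for illustration.

```python
"""Put a driver subprocess into its own cgroup v2 subtree with CPU, memory and pid limits."""
import os
import subprocess
from pathlib import Path

CGROUP_ROOT = Path("/sys/fs/cgroup")        # assumed v2 mount point
NEEDED = {"cpu", "memory", "pids"}          # controllers the limits below rely on


def own_cgroup_path(proc_cgroup_text: str) -> str:
    """Return the v2 cgroup path from /proc/self/cgroup content (the '0::/path' line)."""
    for line in proc_cgroup_text.splitlines():
        hid, sep, path = line.partition("::")
        if sep and hid == "0":
            return path
    raise RuntimeError("no cgroup v2 entry; host is probably on v1 or hybrid")


def parse_controllers(text: str) -> set:
    """cgroup.controllers / cgroup.subtree_control are space-separated names."""
    return set(text.split())


def delegation_report(available: set, enabled: set, writable: bool) -> dict:
    """Can this process create and configure child cgroups from where it sits?

    available: content of cgroup.controllers (what the parent lets us use)
    enabled:   content of cgroup.subtree_control (what is already distributed)
    writable:  whether we may write cgroup.subtree_control (delegation)
    """
    missing = NEEDED - available
    not_enabled = (NEEDED & available) - enabled
    return {
        "can_create": writable and not missing,
        "missing_controllers": sorted(missing),
        "must_enable": sorted(not_enabled),
    }


def limit_files(cpu_percent: int, memory_bytes: int, max_pids: int) -> dict:
    """Map limits to cgroup v2 interface files.

    cpu.max takes '<quota> <period>' in microseconds; 50% of one CPU is
    '50000 100000'.  memory.max and pids.max are plain integers.
    """
    period = 100_000
    return {
        "cpu.max": f"{period * cpu_percent // 100} {period}",
        "memory.max": str(memory_bytes),
        "pids.max": str(max_pids),
    }


def create_driver_cgroup(parent: Path, name: str, limits: dict) -> Path:
    """Create <parent>/<name>, enable the controllers in the parent, write the limits."""
    # cgroup v2 "no internal processes" rule: a non-root cgroup cannot hold
    # processes and hand controllers to children at the same time, so park
    # this process in its own leaf first.  If other processes remain in
    # `parent`, the subtree_control write below fails with EBUSY.
    sup = parent / "supervisor"
    sup.mkdir(exist_ok=True)
    (sup / "cgroup.procs").write_text(str(os.getpid()))
    (parent / "cgroup.subtree_control").write_text(
        " ".join(f"+{c}" for c in sorted(NEEDED)))
    cg = parent / name
    cg.mkdir(exist_ok=True)
    for fname, value in limits.items():    # limit files only exist once enabled
        (cg / fname).write_text(value)
    return cg


def run_driver(cmd: list, cg: Path) -> int:
    """Start the driver with the child moved into cg before exec (preexec_fn runs in the child)."""
    def enter():
        (cg / "cgroup.procs").write_text(str(os.getpid()))
    return subprocess.run(cmd, preexec_fn=enter).returncode


if __name__ == "__main__":
    here = own_cgroup_path(Path("/proc/self/cgroup").read_text())
    mine = CGROUP_ROOT / here.lstrip("/")
    report = delegation_report(
        parse_controllers((mine / "cgroup.controllers").read_text()),
        parse_controllers((mine / "cgroup.subtree_control").read_text()),
        os.access(mine / "cgroup.subtree_control", os.W_OK),
    )
    print(report)
    if report["can_create"]:
        cg = create_driver_cgroup(mine, "driver-example", limit_files(50, 256 << 20, 64))
        print("driver exit code:", run_driver(["/bin/sh", "-c", "cat /proc/self/cgroup"], cg))
```

Run unprivileged inside the container first and look at the report: `can_create` is false when the container runtime has not delegated the cgroup (cgroup.subtree_control not writable) or when a needed controller is absent from cgroup.controllers, which answers the question without touching the host. Note that cgroup v2 has no net_cls controller, so the "tag network traffic" idea would rely on packet filters matching the cgroup path (for example the iptables/nftables cgroup match) rather than on a class id written from here.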