RE: disable-cap-mlock

From: Chen, Kenneth W
Date: Thu Apr 01 2004 - 13:56:10 EST

Next message: Andrew Morton: "Re: Oops in get_boot_pages at reboot"
Previous message: Andrew Morton: "Re: msync() behaviour broken for MS_ASYNC, revert patch?"
In reply to: Andrea Arcangeli: "Re: disable-cap-mlock"
Next in thread: William Lee Irwin III: "Re: disable-cap-mlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> Andrew Morton wrote on Thursday, April 01, 2004 10:34 AM
>
> If it's for access to SHM_HUGETLB

This is the main reason.

> then there was some discussion about
> extending the uid= thing to shm, but nothing happened. This could be
> resurrected.

We have tried doing that, in fact, I have worked on this on and off for
a while, none of the solutions we came up with are clean enough.

> I guess we could live with sysctl which simply nukes CAP_IPC_LOCK, but
> it has to be the when-all-else-failed option, yes?

Very much agreed, I also very much in agreement with wli that the user
level tool need a major improvement. These CAP_* hook has been in the
kernel for ages (since 2.4?), but the user land tool seems fossilized.
Last time I tried libcap (about two weeks ago), it segv on me.

- Ken

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: Oops in get_boot_pages at reboot"
Previous message: Andrew Morton: "Re: msync() behaviour broken for MS_ASYNC, revert patch?"
In reply to: Andrea Arcangeli: "Re: disable-cap-mlock"
Next in thread: William Lee Irwin III: "Re: disable-cap-mlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]