Re: disable-cap-mlock

From: Andrea Arcangeli
Date: Thu Apr 01 2004 - 17:33:02 EST


On Thu, Apr 01, 2004 at 02:44:50PM -0500, Rik van Riel wrote:
> On Thu, 1 Apr 2004, Andrea Arcangeli wrote:
>
> > This is a lot simpler than the mlock rlimit and this is what people really
> > need (not the rlimit). The rlimit thing can still be applied on top of
> > this. This should be more efficient too (besides its simplicity).
>
> What use is this patch ?
>
> One of the main reasons for the mlock rlimit is so that
> security conscious people can let normal users' gpg
> mlock a few pages.
>
> This patch isn't usable for that at all, since switching
> the sysctl on would just open up the system to an easy
> deadlock by any user. Definitely not something any
> security conscious admin would want to enable ...

there's no way the rlimit patch can cover shmget(SHM_HUGETLB) and
shmctl(SHM_LOCK). That's the use of this patch.

Plus it obsoletes the need of setting rlimit for apps like databases.

the rlimit patch remains useful for the multiuser system you're talking
about (assuming you also limit the number of tasks per-user
accordingly).