Re: your mail

From: Chris Wright
Date: Mon May 24 2004 - 17:35:19 EST


* Laughlin, Joseph V (Joseph.V.Laughlin@xxxxxxxxxx) wrote:
> I've been tasked with modifying a 2.4 kernel so that a non-root user can
> do the following:
>
> Dynamically change the priorities of processes (up and down)

Requires CAP_SYS_NICE.

> Lock processes in memory

Currently requires CAP_IPC_LOCK. However, this one has already been
done using rlimits (at least via mlock() and friends, SHM_LOCK has
a different issue).

> Can change process cpu affinity

Requires CAP_SYS_NICE (but I believe this was a 2.6 feature).

> Anyone got any ideas about how I could start doing this? (I'm new to
> kernel development, btw.)

There's a few approaches floating about. Probably the simplest is to
disable the checks globally, but this will also be less secure. I have
an example of this in 2.6 if you'd like.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net