Re: [patch] mlock-as-nonroot revisted
From: Andrea Arcangeli
Date: Tue Aug 03 2004 - 22:15:25 EST
On Tue, Aug 03, 2004 at 10:22:30PM -0400, Rik van Riel wrote:
> On Wed, 4 Aug 2004, Andrea Arcangeli wrote:
>
> > > Normal hugetlb file creation (through the filesystem) isn't touched
> > > by these patches.
> >
> > it is:
>
> Hugetlb file creation through the filesystem never calls
> hugetlb_zero_setup! What are you talking about ?
>
> > diff -purN linux-2.6.7/fs/hugetlbfs/inode.c linux/fs/hugetlbfs/inode.c
> > --- linux-2.6.7/fs/hugetlbfs/inode.c 2004-07-29 11:36:55.744448953
> > +0200
> > +++ linux/fs/hugetlbfs/inode.c 2004-07-29 11:38:04.292595263 +0200
> > @@ -722,7 +722,7 @@ struct file *hugetlb_zero_setup(size_t s
> > struct qstr quick_string;
> > char buf[16];
> >
> > - if (!capable(CAP_IPC_LOCK))
> > + if (!can_do_mlock())
> > return ERR_PTR(-EPERM);
>
> > this breaks local security if you set the rlimit to 1 byte (well, 1 byte
> > == disable_cap_mlock).
>
> Please read my incremental patch. It adds a quota check
> right after this code segment.
I thought the check was applied to files too, and such code would not
have worked correctly with files.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/