Re: [patch] mlock-as-nonroot revisted
From: Andrea Arcangeli (andrea_at_suse.de)
Date: 07/30/04
- Previous message: MA: "kernel problems, crc32c"
- In reply to: Chris Wright: "Re: [patch] mlock-as-nonroot revisted"
- Next in thread: Rik van Riel: "Re: [patch] mlock-as-nonroot revisted"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 30 Jul 2004 04:09:10 +0200 To: Chris Wright <chrisw@osdl.org>
On Thu, Jul 29, 2004 at 06:52:15PM -0700, Chris Wright wrote:
> 1) hugetlb accounting is not done. so it's only simple change to checking
> permission, but the acutal usage is not tracked (gets back to problem
> andrea pointed out). with this patch, wouldn't !capable(CAP_IPC_LOCK)
> && rlim[RLIMIT_MEMLOCK].rlim_cur == 1 be enough to get all the hugepages
> a user would want (i.e. security hole)?
exactly, you beaten me on reply-speed ;).
And this patch is needed primarly to get access to hugetlbfs without
IPC_CAP_LOCK as Arjan mentioned.
> I do agree, however, that storing in user struct allows for quota like
> accounting that matches the shm_lock and hugetlb use cases.
Looking forward to see hugetlbfs working with user quota too...
rlimit user-quota is certainly a reasonable approach, though I'm not
sure what happens if root runs chown, that's funny not? Comments?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Previous message: MA: "kernel problems, crc32c"
- In reply to: Chris Wright: "Re: [patch] mlock-as-nonroot revisted"
- Next in thread: Rik van Riel: "Re: [patch] mlock-as-nonroot revisted"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
