Re: shmget with SHM_HUGETLB flag: Operation not permitted

[Jochen Roemling]

Chris Wright wrote:
> * William Lee Irwin III (wli@xxxxxxxxxxxxxx) wrote:
>
> > On Thu, Feb 26, 2004 at 11:36:03PM +0100, Jochen Roemling wrote:
> >
> > > How can I grant the permission to use HUGETLB to ordinary users?
> >
> > (a) use the fs which uses fs permissions to grant users permission to
> > 	fiddle with hugetlb
> > (b) man 2 capset
>
>
> In case that part wasn't clear, it would be CAP_IPC_LOCK capability.
Thanks. Capset was the keyword I couldn't remember.

_Background:_
I would like to install Oracle 10g Database on Linux with HUGETLB
support. The oracle binary exits with -EPERM because it is not allowed
to create a shared memory segment with the SHM_HUGETLB flag set.

I installed the libcap2 package (from debian testing) and now have the
tool "setcap" available. I wanted to test this on my example pgm
mentioned in the original post using:

roesrv01~ # setcap CAP_IPC_LOCK a.out
fatal error: Invalid argument
usage: setcap [-q] (-|<caps>) <filename> [ ... (-|<capsN>) <filenameN> ]

using the number "14" instead of the name "CAP_IPC_LOCK" doesn't work
either. I don't have any glue. Do have a simple example for me?

By the way: CAP_IPC_LOCK is only checked in line 508 of ipc/shm.c:

        case SHM_LOCK:
        case SHM_UNLOCK:
        {
/* Allow superuser to lock segment in memory */
/* Should the pages be faulted in here or leave it to user? */
/* need to determine interaction with current->swappable */
                if (!capable(CAP_IPC_LOCK)) {
                        err = -EPERM;
                        goto out;
                }

There is nothing around that says: "Allow this only without HUGETLB".
Are you sure that this capability is my problem?







-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/