Re: [patch] mlock-as-nonroot revisted

From: Andrea Arcangeli
Date: Thu Jul 29 2004 - 21:10:51 EST

Next message: Andrea Arcangeli: "Re: [patch] mlock-as-nonroot revisted"
Previous message: MA: "kernel problems, crc32c"
In reply to: Chris Wright: "Re: [patch] mlock-as-nonroot revisted"
Next in thread: Rik van Riel: "Re: [patch] mlock-as-nonroot revisted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 29, 2004 at 06:52:15PM -0700, Chris Wright wrote:
> 1) hugetlb accounting is not done. so it's only simple change to checking
> permission, but the acutal usage is not tracked (gets back to problem
> andrea pointed out). with this patch, wouldn't !capable(CAP_IPC_LOCK)
> && rlim[RLIMIT_MEMLOCK].rlim_cur == 1 be enough to get all the hugepages
> a user would want (i.e. security hole)?

exactly, you beaten me on reply-speed ;).

And this patch is needed primarly to get access to hugetlbfs without
IPC_CAP_LOCK as Arjan mentioned.

> I do agree, however, that storing in user struct allows for quota like
> accounting that matches the shm_lock and hugetlb use cases.

Looking forward to see hugetlbfs working with user quota too...
rlimit user-quota is certainly a reasonable approach, though I'm not
sure what happens if root runs chown, that's funny not? Comments?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrea Arcangeli: "Re: [patch] mlock-as-nonroot revisted"
Previous message: MA: "kernel problems, crc32c"
In reply to: Chris Wright: "Re: [patch] mlock-as-nonroot revisted"
Next in thread: Rik van Riel: "Re: [patch] mlock-as-nonroot revisted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]