Re: [patch] mlock-as-nonroot revisited

From: Rik van Riel
Date: Tue Aug 03 2004 - 21:28:21 EST


On Wed, 4 Aug 2004, Andrea Arcangeli wrote:

> > Normal hugetlb file creation (through the filesystem) isn't touched
> > by these patches.
>
> it is:

Hugetlb file creation through the filesystem never calls
hugetlb_zero_setup! What are you talking about?

> diff -purN linux-2.6.7/fs/hugetlbfs/inode.c linux/fs/hugetlbfs/inode.c
> --- linux-2.6.7/fs/hugetlbfs/inode.c 2004-07-29 11:36:55.744448953
> +0200
> +++ linux/fs/hugetlbfs/inode.c 2004-07-29 11:38:04.292595263 +0200
> @@ -722,7 +722,7 @@ struct file *hugetlb_zero_setup(size_t s
> struct qstr quick_string;
> char buf[16];
>
> - if (!capable(CAP_IPC_LOCK))
> + if (!can_do_mlock())
> return ERR_PTR(-EPERM);
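
Review bot: at the can_do_mlock() test in hugetlb_zero_setup(), nothing in this hunk compares the requested size with the caller's locked-memory limit, so once the test passes the amount is unbounded as far as these lines show. The old capable(CAP_IPC_LOCK) test was a privilege gate on its own; the replacement is only as strong as the accounting that follows it. Put the size/quota check in the same patch, directly after the -EPERM return, or add a comment here naming the follow-up patch this hunk depends on, so the two cannot be merged or backported separately.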

> this breaks local security if you set the rlimit to 1 byte (well, 1 byte
> == disable_cap_mlock).

Please read my incremental patch. It adds a quota check
right after this code segment.


--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
