Re: mlock(1)

From: Chris Wright
Date: Fri Sep 24 2004 - 17:22:53 EST

Next message: Suresh Siddha: "Re: [Patch 0/2] Disable SW irqbalance/irqaffinity for E7520/E7320/E7525"
Previous message: Alan Cox: "Re: [PATCH] oom_pardon, aka don't kill my xlock"
In reply to: Alan Cox: "Re: mlock(1)"
Next in thread: Jeff Garzik: "Re: mlock(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Alan Cox (alan@xxxxxxxxxxxxxxxxxxx) wrote:
> On Gwe, 2004-09-24 at 21:22, Chris Wright wrote:
> > Hard to say if it's a policy decision outside the scope of the app.
> > Esp. if the app knows it needs to not be swapped. Either something that
> > has realtime needs, or more specifically, privacy needs. Don't need to
> > mlock all of gpg to ensure key data never hits swap.
>
> Keys are a different case anyway. We can swap them if we have encrypted
> swap (hardware or software) and we could use the crypto lib just to
> crypt some pages in swap although that might be complex. As such a
> MAP_CRYPT seems better than mlock. If we don't have cryptable swap then
> fine its mlock.

Yeah, sounds nice. This is still very much an app specific policy, not
something that a helper such as mlock(1) would solve.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Suresh Siddha: "Re: [Patch 0/2] Disable SW irqbalance/irqaffinity for E7520/E7320/E7525"
Previous message: Alan Cox: "Re: [PATCH] oom_pardon, aka don't kill my xlock"
In reply to: Alan Cox: "Re: mlock(1)"
Next in thread: Jeff Garzik: "Re: mlock(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]