Re: mlock(1)

[Chris Wright]

* Jeff Garzik (jgarzik@xxxxxxxxx) wrote:
> Chris Wright wrote:
> > * Alan Cox (alan@xxxxxxxxxxxxxxxxxxx) wrote:
> > >On Gwe, 2004-09-24 at 21:22, Chris Wright wrote:
> >>>Hard to say if it's a policy decision outside the scope of the app.
> >>>Esp. if the app knows it needs to not be swapped.  Either something that
> >>>has realtime needs, or more specifically, privacy needs.  Don't need to
> >>>mlock all of gpg to ensure key data never hits swap.
> >>
> >>Keys are a different case anyway. We can swap them if we have encrypted
> >>swap (hardware or software) and we could use the crypto lib just to
> >>crypt some pages in swap although that might be complex. As such a
> >>MAP_CRYPT seems better than mlock. If we don't have cryptable swap then
> >>fine its mlock.
> > 
> > Yeah, sounds nice.  This is still very much an app specific policy, not
> > something that a helper such as mlock(1) would solve.
> 
> It's all app-specific policy.  mlock(1) allows the sysadmin to apply 
> app-specific policy on top of whatever app-specific policy the engineer 
> has chosen to hardcode into his app.
> 
> A smart sysadmin that knows the working set of his _local configuration_ 
> of a given app is sometimes in a better position to make a decision 
> about mlockall(2) than the engineer.

OK, that's fine.  I just wanted to highlight some situations
where it's preferable to leave that hardcoded in the application.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/