Re: 2.6.9 kernel oops with openais

From: Steven Dake
Date: Fri Oct 29 2004 - 19:29:27 EST


What would be preferable instead of dropping UID when privileged
services are needed? More specifically I need
* CAP_NET_RAW (bindtodevice)
* CAP_SYS_NICE (setscheduler)
* CAP_IPC_LOCK (mlockall)

I had thought about adding the correct code to get these capabilities
but it still requires a start-from-uid0 environment

Thanks
-steve

On Fri, 2004-10-29 at 17:01, Chris Wright wrote:
> * Steven Dake (sdake@xxxxxxxxxx) wrote:
> > The change was that from 2.6.8 to 2.6.9 the rlimit for memlock was
> > changed from infinity to 32k (and at the same time, normal users are now
> > allowed to use mlockall if they don't have a lot of memory to mlock). I
> > fixed up the openais code by doing something evil from uid 0 like:
> >
> > struct rlimit rlimit;
> >
> > rlimit.rlim_cur = RLIM_INFINITY;
> > rlimit.rlim_max = RLIM_INFINITY;
> > setrlimit (RLIMIT_MEMLOCK, &rlimit);
>
> Yeah, that'll do it (although, certainly wouldn't hurt to size it
> down ;-). Hopefully most users aren't dropping uid (I doubt it, since
> I hadn't seen this problem pop up before).
>
> thanks,
> -chris
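
The approach the message asks about, keeping only CAP_NET_RAW, CAP_SYS_NICE and CAP_IPC_LOCK across a UID change that still starts from uid 0, as an added example that is not part of the original thread or the openais code. The raw capset(2) call with the v3 capability ABI and the target uid/gid 65534 are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* The three capabilities listed in the message. */
static const int wanted[] = { CAP_NET_RAW, CAP_SYS_NICE, CAP_IPC_LOCK };

/* Fill a v3 capability set: wanted bits permitted+effective, none inheritable. */
void build_caps(struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3])
{
    memset(d, 0, sizeof(d[0]) * _LINUX_CAPABILITY_U32S_3);
    for (size_t i = 0; i < sizeof(wanted) / sizeof(wanted[0]); i++) {
        d[CAP_TO_INDEX(wanted[i])].permitted |= CAP_TO_MASK(wanted[i]);
        d[CAP_TO_INDEX(wanted[i])].effective |= CAP_TO_MASK(wanted[i]);
    }
}

/* Switch from uid 0 to uid/gid, keeping only the wanted capabilities. 0 or -1. */
int drop_root_keep_caps(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];

    /* Without KEEPCAPS the permitted set is cleared when uid 0 is given up. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return -1;
    if (setgroups(0, NULL) == -1) return -1;
    if (setresgid(gid, gid, gid) == -1) return -1;
    if (setresuid(uid, uid, uid) == -1) return -1;
    /* The uid change cleared the effective set: shrink permitted, re-raise effective. */
    build_caps(d);
    if (syscall(SYS_capset, &h, d) == -1) return -1;
    return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
}

int main(void)
{
    if (geteuid() != 0) { fprintf(stderr, "start as uid 0\n"); return 1; }
    if (drop_root_keep_caps(65534, 65534) == -1) { perror("drop_root_keep_caps"); return 1; }
    printf("uid=%d, CAP_NET_RAW/CAP_SYS_NICE/CAP_IPC_LOCK retained\n", (int)getuid());
    return 0;
}
```

With CAP_IPC_LOCK retained, the mlockall() call is not subject to RLIMIT_MEMLOCK, so the setrlimit() to RLIM_INFINITY quoted above is not needed on this path.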
