Re: [RFC] [PATCH] merge *_vm_enough_memory()s into a common helper

From: Alan Cox
Date: Tue Jan 04 2005 - 20:36:47 EST

Next message: Lee Revell: "Re: [PATCH] [request for inclusion] Realtime LSM"
Previous message: Lee Revell: "Re: [PATCH] [request for inclusion] Realtime LSM"
In reply to: Nikita Danilov: "Re: [RFC] [PATCH] merge *_vm_enough_memory()s into a common helper"
Next in thread: Christoph Hellwig: "Re: [RFC] [PATCH] merge *_vm_enough_memory()s into a common helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Maw, 2005-01-04 at 22:59, Nikita Danilov wrote:
> I don't think that CAP_SYS_ADMIN is proper capability for this:
> CAP_SYS_ADMIN is catch-all that should be used only when no other
> capability covers action being performed. In this case CAP_SYS_RESOURCE
> seems to be a better fit, after all __vm_enough_memory() controls access
> to a resource, plus file systems use CAP_SYS_RESOURCE to protect disk
> blocks reserved for "root".

Its a heuristic for "system process" and works rather well.
CAP_SYS_RESOURCE is about ignoring limits, this is about saving the
administrators backside.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lee Revell: "Re: [PATCH] [request for inclusion] Realtime LSM"
Previous message: Lee Revell: "Re: [PATCH] [request for inclusion] Realtime LSM"
In reply to: Nikita Danilov: "Re: [RFC] [PATCH] merge *_vm_enough_memory()s into a common helper"
Next in thread: Christoph Hellwig: "Re: [RFC] [PATCH] merge *_vm_enough_memory()s into a common helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]