Subject: Re: [RFC][PATCH] Security hook for vm_enough_memory
From: Alan Cox
To: Stephen Smalley
Cc: Linus Torvalds, Andrew Morton, jmorris@intercode.com.au, lkml, lsm
Date: 23 Jun 2003 17:40:25 +0100

On Llu, 2003-06-23 at 17:25, Stephen Smalley wrote:
> This patch for 2.5.73 replaces the CAP_SYS_ADMIN test in
> vm_enough_memory with a security_vm_allocate hook call so that security
> modules such as SELinux can distinguish this test from other
> CAP_SYS_ADMIN checks. This change is necessary since the
> vm_enough_memory capability check is applied to all processes that
> allocate mappings and we don't want to spuriously audit CAP_SYS_ADMIN
> denials generated by this test. If anyone has any objections to this
> patch, please let me know. Thanks.

Is there any reason for not wrapping the entire vm_enough_memory()
function and using the current one as default? In some environments
being able to make total commit constraints based on roles may actually
be useful.
(Think "sum of students' memory < 40% of system" 8))

vm_enough_memory has to be kernel side but it's basically policy so
pluggable IMHO is good.