Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263037AbUDASei (ORCPT ); Thu, 1 Apr 2004 13:34:38 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263045AbUDASei (ORCPT ); Thu, 1 Apr 2004 13:34:38 -0500 Received: from fw.osdl.org ([65.172.181.6]:33696 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S263037AbUDASec (ORCPT ); Thu, 1 Apr 2004 13:34:32 -0500 Date: Thu, 1 Apr 2004 10:34:25 -0800 From: Andrew Morton To: William Lee Irwin III Cc: andrea@suse.de, linux-kernel@vger.kernel.org, kenneth.w.chen@intel.com Subject: Re: disable-cap-mlock Message-Id: <20040401103425.03ba8aff.akpm@osdl.org> In-Reply-To: <20040401171625.GE791@holomorphy.com> References: <20040401135920.GF18585@dualathlon.random> <20040401164825.GD791@holomorphy.com> <20040401165952.GM18585@dualathlon.random> <20040401171625.GE791@holomorphy.com> X-Mailer: Sylpheed version 0.9.7 (GTK+ 1.2.10; i386-redhat-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1722 Lines: 39 William Lee Irwin III wrote: > > On Thu, Apr 01, 2004 at 08:48:25AM -0800, William Lee Irwin III wrote: > >> Something like this would have the minor advantage of zero core impact. > >> Testbooted only. vs. 2.6.5-rc3-mm4 > > On Thu, Apr 01, 2004 at 06:59:52PM +0200, Andrea Arcangeli wrote: > > I certainly like this too (despite it's more complicated but it might > > avoid us to have to add further sysctl in the future), Andrew what do > > you prefer to merge? I don't mind either ways. What is the Oracle requirement in detail? If it's for access to hugetlbfs then there are the uid= and gid= mount options. If it's for access to SHM_HUGETLB then there was some discussion about extending the uid= thing to shm, but nothing happened. This could be resurrected. If it's just generally for the ability to mlock lots of memory then RLIMIT_MEMLOCK would be preferable. I don't see why we'd need the sysctl when `ulimit -m' is available? (Where is that patch btw?) > There are a couple of off-by-ones in there I've got fixes for below. Using the security framework is neat. There are currently large spinlock contention problems in avc_has_perm_noaudit() which I suspect will make SELinux problematic in some server environments. But I trust it is possible to disable SELinux in config while using Bill's security module? I guess we could live with sysctl which simply nukes CAP_IPC_LOCK, but it has to be the when-all-else-failed option, yes? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/