Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263240AbUDAWaJ (ORCPT ); Thu, 1 Apr 2004 17:30:09 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263284AbUDAWaJ (ORCPT ); Thu, 1 Apr 2004 17:30:09 -0500 Received: from ppp-217-133-42-200.cust-adsl.tiscali.it ([217.133.42.200]:29834 "EHLO dualathlon.random") by vger.kernel.org with ESMTP id S263240AbUDAW36 (ORCPT ); Thu, 1 Apr 2004 17:29:58 -0500 Date: Fri, 2 Apr 2004 00:29:57 +0200 From: Andrea Arcangeli To: Rik van Riel Cc: Andrew Morton , linux-kernel@vger.kernel.org, kenneth.w.chen@intel.com Subject: Re: disable-cap-mlock Message-ID: <20040401222957.GZ18585@dualathlon.random> References: <20040401135920.GF18585@dualathlon.random> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-GPG-Key: 1024D/68B9CB43 13D9 8355 295F 4823 7C49 C012 DFA1 686E 68B9 CB43 X-PGP-Key: 1024R/CB4660B9 CC A0 71 81 F4 A0 63 AC C0 4B 81 1D 8C 15 C8 E5 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1298 Lines: 31 On Thu, Apr 01, 2004 at 02:44:50PM -0500, Rik van Riel wrote: > On Thu, 1 Apr 2004, Andrea Arcangeli wrote: > > > This is a lot simpler than the mlock rlimit and this is people really > > need (not the rlimit). The rlimit thing can still be applied on top of > > this. This should be more efficient too (besides its simplicity). > > What use is this patch ? > > One of the main reasons for the mlock rlimit is so that > security conscious people can let normal users' gpg > mlock a few pages. > > This patch isn't usable for that at all, since switching > the sysctl on would just open up the system to an easy > deadlock by any user. Definately not something any > security conscious admin would want to enable ... there's no way the rlimit patch can cover shmget(SHM_HUGETLB) and shmctl(SHM_LOCK). That's the use of this patch. Plus it obsoletes the need of setting rlimit for apps like databases. the rlimit patch remains useful for the multiuser system you're talking about (assuming you also limit the number of tasks per-user accordingly). - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/