Subject: Re: [RFC] [PATCH] merge *_vm_enough_memory()s into a common helper
From: Stephen Smalley <sds@epoch.ncsc.mil>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>,
       Chris Wright <chrisw@osdl.org>, James Morris <jmorris@redhat.com>
In-Reply-To: <20050104214833.GA3420@IBM-BWN8ZTBWA01.austin.ibm.com>
References: <20050104214833.GA3420@IBM-BWN8ZTBWA01.austin.ibm.com>
Content-Type: text/plain
Organization: National Security Agency
Message-Id: <1104876635.20724.170.camel@moss-spartans.epoch.ncsc.mil>
Mime-Version: 1.0
Date: Tue, 04 Jan 2005 17:10:35 -0500
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1322
Lines: 39

On Tue, 2005-01-04 at 16:48, Serge E. Hallyn wrote:
> The attached patch introduces a __vm_enough_memory function in
> security/security.c which is used by cap_vm_enough_memory,
> dummy_vm_enough_memory, and selinux_vm_enough_memory.  This has
> been discussed on the lsm mailing list.

> + * Note that secondary_ops->capable and task_has_perm return 0 if
> + * the capability is granted, but __vm_enough_memory requires 1 if
> + * the capability is granted.

Should be avc_has_perm_noaudit, right?

> +	rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
> +	if (rc == 0)
> +		cap_sys_admin = avc_has_perm_noaudit(tsec->sid, tsec->sid,
> +					SECCLASS_CAPABILITY,
> +					CAP_TO_MASK(CAP_SYS_ADMIN),
> +					NULL);

Shouldn't this be 'rc = avc_has_perm...'?  And I'd suggest retaining the
comment from the original about why we don't want to audit here.

> -	vm_unacct_memory(pages);
> +	if (rc == 0)
> +		cap_sys_admin = 1;
>  
> -	return -ENOMEM;
> +	return __vm_enough_memory(pages, cap_sys_admin);
>  }

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/