To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: Linux Kernel Mailing List <Linux-Kernel@Vger.Kernel.ORG>
Subject: Re: [RFC] [PATCH] merge *_vm_enough_memory()s into a common helper
References: <20050104214833.GA3420@IBM-BWN8ZTBWA01.austin.ibm.com>
From: Nikita Danilov <nikita@clusterfs.com>
Date: Wed, 05 Jan 2005 01:59:07 +0300
In-Reply-To: <20050104214833.GA3420@IBM-BWN8ZTBWA01.austin.ibm.com> (Serge
 E. Hallyn's message of "Tue, 4 Jan 2005 15:48:33 -0600")
Message-ID: <m1u0pwls1w.fsf@clusterfs.com>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.5 (chayote, linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1173
Lines: 39

"Serge E. Hallyn" <serue@us.ibm.com> writes:

> The attached patch introduces a __vm_enough_memory function in
> security/security.c which is used by cap_vm_enough_memory,
> dummy_vm_enough_memory, and selinux_vm_enough_memory.  This has
> been discussed on the lsm mailing list.
>
> Are there any objections to or comments on this patch?
>
> thanks,
> -serge
>
> Signed-off-by: Serge Hallyn <serue@us.ibm.com>
>

[...]

> -
> -	return -ENOMEM;
> +	return __vm_enough_memory(pages,
> +			(cap_capable(current, CAP_SYS_ADMIN) == 0));

I don't think that CAP_SYS_ADMIN is proper capability for this:
CAP_SYS_ADMIN is catch-all that should be used only when no other
capability covers action being performed. In this case CAP_SYS_RESOURCE
seems to be a better fit, after all __vm_enough_memory() controls access
to a resource, plus file systems use CAP_SYS_RESOURCE to protect disk
blocks reserved for "root".

>  }

[...]

Nikita.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/