Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 28 Nov 2000 16:20:53 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 28 Nov 2000 16:20:43 -0500 Received: from 213-123-72-140.btconnect.com ([213.123.72.140]:49417 "EHLO penguin.homenet") by vger.kernel.org with ESMTP id ; Tue, 28 Nov 2000 16:20:30 -0500 Date: Tue, 28 Nov 2000 20:52:08 +0000 (GMT) From: Tigran Aivazian To: Jan Rekorajski cc: torvalds@transmeta.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH] no RLIMIT_NPROC for root, please In-Reply-To: <20001128214309.F2680@sith.mimuw.edu.pl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 28 Nov 2000, Jan Rekorajski wrote: > --- linux/kernel/fork.c~ Tue Sep 5 23:48:59 2000 > +++ linux/kernel/fork.c Sun Nov 26 20:22:20 2000 > @@ -560,7 +560,8 @@ > *p = *current; > > retval = -EAGAIN; > - if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur) > + if (p->user->uid && > + (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur)) Jan, Hardcoding things signifying special treatment of uid=0 is almost always a bad idea. If you _really_ think that superuser (whatever entity that might be) should be exempt from RLIMIT_NPROC and can prove that (SuSv2 seems to be silent so you may be right), then you should use capable() to do proper capability test and not that horrible explicit uid test as in your patch above. Regards, Tigran - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/