Re: sys_setpriority error

From: David Wagner (dawat_private)
Date: Wed May 30 2001 - 17:15:14 PDT

  • Next message: Chris Wright: "Re: sys_setpriority error"

    Titus D. Winters wrote:
    >I think the issue is that the logic is wrong (or unclear at the least.)
    >Currently it is saying:
    >if (you are rootish, own the process, or the module lets you) you can
    >renice things
    >And Roy suggests:
    >if ((you are rootish or own the process) AND (the module lets you)) you
    >can renice things.
    I haven't been following this thread carefully, but if your summary
    is correct, I too prefer the latter (Roy's suggestion).  For Janus,
    we found it critical (when sandboxing root processes) to be able to
    add restrictions that are stricter than what the base kernel enforces.
    IMHO, it is crucial to be able to enforce policies where root is nothing
    special, and if I'm not mistaken, only Roy's suggestion enables this.
    (Am I missing something?)
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed May 30 2001 - 17:17:39 PDT