On Wed, 2004-12-08 at 15:24, Chris Wright wrote:
> * Stephen Smalley (sds@private) wrote:
> > Perhaps cap_vm_enough_memory() should be using cap_capable() rather than
> > capable() for checking CAP_SYS_ADMIN? Otherwise, it is going to set the
> > PF_SUPERPRIV flag in current->flags for the process just because of a
> > mapping, not necessarily just for real use of the capability.
>
> Yeah, I wondered the same when I did that helper hack. It's even more
> egregious, because the capability may not even be checked (i.e.
> OVERCOMMIT_ALWAYS).

Yes, so I think I'd favor changing cap_vm_enough_memory() to just use
cap_capable() for its checks, and then just have selinux_vm_enough_memory()
just call secondary_ops and not worry about applying a SELinux check here
until we have real support for resource allocation based on policy.

--
Stephen Smalley <sds@private>
National Security Agency
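The side effect discussed above, modelled in userspace as an added example (this is not kernel code and not part of the thread): capable() answers the same question as cap_capable() but also tags the task with PF_SUPERPRIV, which is the bit the process-accounting record later reports as "used superuser privileges". Because the overcommit heuristic consults the capability on every call rather than only when an allocation is over budget, a plain mapping by a root process gets it tagged. The struct, the PF_SUPERPRIV value and the 1/32 reserve for privileged tasks are simplified stand-ins for the kernel's own definitions, and OVERCOMMIT_ALWAYS is modelled as returning before any capability check, as Chris describes.

```c
/* Userspace model of the cap_vm_enough_memory() discussion. Not kernel code:
 * the task struct, flag values and reserve fraction are constructed stand-ins. */
#include <stdbool.h>
#include <stdio.h>

#define PF_SUPERPRIV      0x100   /* constructed stand-in: "used superuser privileges" */
#define CAP_SYS_ADMIN     21

/* Overcommit policies, mirroring the vm.overcommit_memory sysctl values. */
#define OVERCOMMIT_GUESS  0
#define OVERCOMMIT_ALWAYS 1
#define OVERCOMMIT_NEVER  2

struct task {
    unsigned int flags;                 /* PF_* bits */
    unsigned long long cap_effective;   /* capability bitmask */
};

/* Pure check: does the task hold the capability? No side effects. */
static bool cap_capable(const struct task *t, int cap)
{
    return (t->cap_effective >> cap) & 1ULL;
}

/* Generic wrapper: same answer, but records that privilege was *used*.
 * This is the bit process accounting reports, so calling it from a path
 * that merely asks "is this root?" inflates the privileged-use record. */
static bool capable(struct task *t, int cap)
{
    if (!cap_capable(t, cap))
        return false;
    t->flags |= PF_SUPERPRIV;
    return true;
}

/* Model of the memory-commit decision. side_effect_free selects the
 * cap_capable() variant the thread proposes instead of capable(). */
static bool vm_enough_memory_model(struct task *t, int mode, long pages,
                                   long free_pages, bool side_effect_free)
{
    if (mode == OVERCOMMIT_ALWAYS)
        return true;                    /* capability never consulted */

    /* GUESS and NEVER both keep a slice back for privileged tasks, so the
     * capability is consulted on every call, not only when over budget. */
    bool privileged = side_effect_free ? cap_capable(t, CAP_SYS_ADMIN)
                                       : capable(t, CAP_SYS_ADMIN);
    long allowed = free_pages;
    if (!privileged)
        allowed -= allowed / 32;        /* constructed reserve fraction */
    return pages <= allowed;
}

/* Run one allocation against a fresh task and encode the outcome:
 * bit 0 = allocation allowed, bit 1 = task now carries PF_SUPERPRIV. */
static int run_case(int mode, long pages, long free_pages, bool is_root,
                    bool side_effect_free)
{
    struct task t = { 0, is_root ? (1ULL << CAP_SYS_ADMIN) : 0 };
    int result = vm_enough_memory_model(&t, mode, pages, free_pages,
                                        side_effect_free) ? 1 : 0;
    if (t.flags & PF_SUPERPRIV)
        result |= 2;
    return result;
}

int main(void)
{
    /* A small mapping by root under the default policy, both ways. */
    int with_capable     = run_case(OVERCOMMIT_GUESS, 10, 1000, true, false);
    int with_cap_capable = run_case(OVERCOMMIT_GUESS, 10, 1000, true, true);
    printf("capable():     allowed=%d tagged=%d\n",
           with_capable & 1, (with_capable >> 1) & 1);
    printf("cap_capable(): allowed=%d tagged=%d\n",
           with_cap_capable & 1, (with_cap_capable >> 1) & 1);
    return 0;
}
```

Only the capable() variant leaves the task tagged after a mapping that needed no privilege at all; under OVERCOMMIT_ALWAYS neither variant touches the flag, which is the case where a separate SELinux capability check would be applied for a capability the generic code never consults.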
This archive was generated by hypermail 2.1.3 : Wed Dec 08 2004 - 13:41:06 PST