Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking

From: Chris Wright (chrisw@private)
Date: Thu Dec 16 2004 - 14:05:51 PST

* Serge Hallyn (serue@private) wrote:
> The attached patch is virtually the same as Chris', compiled and
> "tested".  A quick while (1) malloc(100000000) test seemed to give the
> desired result.  Is that an appropriate test?

Depends on the overcommit settings.  The toplevel is an early out
on overcommit == 0, so it's possible you didn't fully test it.  BTW,
I think it's broken.

+       sysadm = secondary_ops->capable(current, CAP_SYS_ADMIN);
+       if (!sysadm)
+	       sysadm = avc_has_perm_noaudit(tsec->sid, tsec->sid,
+				       NULL);

+	return __cap_vm_enough_memory(pages, sysadm);
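
Review bot: sysadm holds the raw return codes of secondary_ops->capable() and avc_has_perm_noaudit(), where 0 means the check passed, yet the last line hands it to __cap_vm_enough_memory() as a flag, so a task that passes both checks supplies 0 and a denied task supplies a non-zero error value. Convert it explicitly before the call, for example by passing a separate int that is set to 1 only when both calls returned 0. A short comment should also record that `if (!sysadm)` runs the AVC check only after capable() has already succeeded, so that a later reader does not invert that test as well.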

the value for sysadm should behave like a boolean.  However, it's
currently used backwards.  0 == TRUE, -EPERM == FALSE, map that to
boolean, and....

Linux Security Modules
