* Stephen Smalley (sds@private) wrote:
> On Fri, 2004-12-17 at 16:00, Serge Hallyn wrote:
> > Is that the behavior we want to preserve? Or do we want to go ahead and
> > use capable(CAP_SYS_ADMIN) in the dummy version?
>
> IMHO, having vm_enough_memory trigger setting of the PF_SUPERPRIV flag
> is a mistake. dummy and capability should only be calling their own
> private capable functions, not the top-level one.

Why do you consider it a mistake? It marks that you used a capability to
be able to grab that last bit of reserved memory? Seems valid enough.
I can see it as troubling in the case where it's just used to mark a flag
on function call which may not be used.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net

This archive was generated by hypermail 2.1.3 : Fri Dec 17 2004 - 12:29:54 PST