* Stephen Smalley (sds@private) wrote: > On Fri, 2004-12-17 at 15:29, Chris Wright wrote: > > Why do you consider it a mistake? It marks that you used a capability to > > be able to grab that last bit of reserved memory? Seems valid enough. > > I can see it as troubling in the case where it's just used to mark a > > flag on function call which may not be used. > > It is called while computing the amount of free space, and is thus > always applied, right? Even if you aren't using that extra space > reserved for root. Or did I miss something? Ah, yeah I see what you mean. So calling ->capable() there is better. Although, I have to admit, PF_SUPERPRIV is a pretty uninspired bit of info IHMO ;-) thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2.1.3 : Fri Dec 17 2004 - 12:46:45 PST