* Serge Hallyn (serue@private) wrote:
> Oh, so it does. Sorry.
>
> The attached patch moves the helper to security.c:__vm_enough_memory(),
> and switches dummy_vm_enough_memory to use it as well. cap_ and dummy_
> use their own capable() functions for CAP_SYS_ADMIN.
>
> I hope I've got the logic right this time. Behavior seems the same as
> under FC3 stock kernel, but honestly neither does what I'd expect. (I
> plan to look into why next week :)

Make sure it's the right overcommit mode (cat /proc/sys/vm/overcommit_memory).
If it's 0 -- OVERCOMMIT_GUESS (typically the default), then you'll hit the
capability logic, and shouldn't be able to get at that last 3% w/out cap bit.

Seems to work as expected to me. Allocations maxed out at 1080M as user,
and 1114M as root. 34/1114 ~ %3.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2.1.3 : Fri Dec 17 2004 - 14:29:22 PST