lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 06 Jun 2011 12:07:15 +0900 From: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com> To: minchan.kim@...il.com CC: caiqian@...hat.com, linux-mm@...ck.org, linux-kernel@...r.kernel.org, akpm@...ux-foundation.org, rientjes@...gle.com, hughd@...gle.com, kamezawa.hiroyu@...fujitsu.com, oleg@...hat.com Subject: Re: [PATCH v2 0/5] Fix oom killer doesn't work at all if system have > gigabytes memory (aka CAI founded issue) >> Of course, we recommend to drop privileges as far as possible >> instead of keeping them. Thus, oom killer don't have to check >> any capability. It implicitly suggest wrong programming style. >> >> This patch change root process check way from CAP_SYS_ADMIN to >> just euid==0. > > I like this but I have some comments. > Firstly, it's not dependent with your series so I think this could > be merged firstly. I agree. > Before that, I would like to make clear my concern. > As I look below comment, 3% bonus is dependent with __vm_enough_memory's logic? No. completely independent. vm_enough_memory() check the task _can_ allocate more memory. IOW, the task is subjective. And oom-killer check the task should be protected from oom-killer. IOW, the task is objective. > If it isn't, we can remove the comment. It would be another patch. > If is is, could we change __vm_enough_memory for euid instead of cap? > > * Root processes get 3% bonus, just like the __vm_enough_memory() > * implementation used by LSMs. vm_enough_memory() is completely correct. I don't see any reason to change it. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists