On Wed, Apr 16, 2008 at 9:15 AM, Andi Kleen <andi@firstfloor.org> wrote:
quoted text
>
>  > Should we skip the RLIMIT_MEMLOCK check if capable(CAP_IPC_LOCK)?
>
>  FWIW I don't think we should. They are not really related.
>
That is true even though I see in mlock() that both are actually used.
I don't check against capabilities in perfmon, but I check RLIMIT_MEMLOCK
for the sampling buffer.

I see the capset()/capget() syscalls, however, I am still not clear as to how a
sysadmin could set up the capabilities for users via PAM or other
security interface.

quoted text
>
>  > It's a fairly large patch.
>
>  The original version was much smaller -- a lot of the increase came out of
>  review feedback for "more infrastructure" etc. I don't think you can blame
>  Markus for that.
>
I believe the patch could potentially be broken into multiple pieces:
ds/bts, pebs, ptrace.
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/