Re: [PATCH] no RLIMIT_NPROC for root, please

• Next message: Alexander Viro: "[CFT][RFC] ext2_new_inode() fixes and cleanup"
• Previous message: Andreas Dilger: "Re: [PATCH] Re: [bug] infinite loop in generic_make_request()"
• In reply to: Pavel Machek: "Re: [PATCH] no RLIMIT_NPROC for root, please"
• Next in thread: Andreas Dilger: "Re: [PATCH] no RLIMIT_NPROC for root, please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > > Hardcoding things signifying special treatment of uid=0 is almost always a
> > > bad idea. If you _really_ think that superuser (whatever entity that might
> > > be) should be exempt from RLIMIT_NPROC and can prove that (SuSv2 seems to
> > > be silent so you may be right), then you should use capable() to do proper
> > > capability test and not that horrible explicit uid test as in your patch
> > > above.

I totally agree with you, Pavel. But while we are on this subject --
shouldn't the explicit check like this:

        /*
         * Use a reserved one if we're the superuser
         */
        if (files_stat.nr_free_files && !current->euid)
                goto used_one;
 
in fs/file_table.c:get_empty_filp() be switched to capabilities? I.e. is
the hardcoded euid=0 value intentional there or is it an omission?

Regards,
Tigran

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Alexander Viro: "[CFT][RFC] ext2_new_inode() fixes and cleanup"
• Previous message: Andreas Dilger: "Re: [PATCH] Re: [bug] infinite loop in generic_make_request()"
• In reply to: Pavel Machek: "Re: [PATCH] no RLIMIT_NPROC for root, please"
• Next in thread: Andreas Dilger: "Re: [PATCH] no RLIMIT_NPROC for root, please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 30 2000 - 21:00:26 EST