From: Christoph Hellwig
Date: Mon May 10 2004 - 16:39:12 EST
> Add /proc/sys/vm/hugetlb_shm_group: this holds the group ID of users who may
> allocate hugetlb shm segments without CAP_IPC_LOCK. For Oracle.
> /proc/sys/vm/mlock_group: group ID of users who can do mlock() without
> CAP_IPC_LOCK. Not sure that we need this.
These two just introduced a subtile behaviour change during stable series,
possibly (not likely) leading to DoS opportunities from applications running
as gid 0. Really, with capabilities first and now selinux we have moved
away from treating uid 0 special, so introducing special casing of a gid
now is more than just braindead.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/