From: Matt Mackall
Date: Mon May 10 2004 - 21:01:36 EST
On Mon, May 10, 2004 at 04:33:17PM -0700, Chris Wright wrote:
> * Chris Wedgwood (cw@xxxxxxxx) wrote:
> > On Mon, May 10, 2004 at 03:02:03PM -0700, Andrew Morton wrote:
> > > Capabilities are broken and don't work. Nobody has a clue how to
> > > provide the required services with SELinux and nobody has any code
> > > and we need the feature *now* before vendors go shipping even more
> > > ghastly stuff.
> > eh? magic groups are nasty... and why is this needed? can't
> > oracle/whatever just run with a wrapper to give the capabilities out
> > as required until a better solution is available
> I agree. I have a patch that at least fixes this bit of capabilities
> (currently, what you suggest doesn't work right), which could easily be
> dusted off and resent.
> And while we're at it, it would be nice to have the working bits of
> memlock rlimits going. At least the mlock() users would get some help
> (i.e. gpg).
mlock() rlimits make sense independent of Oracle. There are a number
of things (realtime, security, iscsi) that might make good use of
small amounts of locked memory.
> Another bit I could resend (removing the broken shm bits,
> of course). It's just those pesky shm segs having their own lifecycle
> which breaks the hugetlb and SHM_LOCK attempts to use memlock rlimits.
They have a lifecycle like files (they live on a filesystem, after
all), which is why I suggest we need quota there. Again, something
that has sensible uses independent of Oracle.
Matt Mackall : http://www.selenic.com : Linux development and consulting
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/