Re: [PATCH] remove duplicated patch fragment

[Chris Wright]

* Andries Brouwer (Andries.Brouwer@xxxxxx) wrote:
> On Tue, Jan 04, 2005 at 03:36:11PM +0300, Nikita Danilov wrote:
> > On another account, shouldn't capable(CAP_SYS_ADMIN) checks in
> > cap_vm_enough_memory() be replaced with capable(CAP_SYS_RESOURCE):
> > (CAP_SYS_RESOURCE is used by file systems to control reserved disk
> > blocks)?
> 
> The use of current->euid comes from the use of current->euid in dummy.c
> a few lines higher up in the same routine.
> The use of CAP_SYS_ADMIN comes from the use of CAP_SYS_ADMIN in
> commoncap.c a few lines higher up in the same routine.
> 
> I have no strong opinion about what is best.

Unfortunately, this what committed on 2003/05/25 (IOW, it's been in
there since 2.5.70).  So, we can't really change that w/out possibly
breaking things.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/