Re: [PATCH] [request for inclusion] Realtime LSM

From: Pavel Machek
Date: Thu Mar 10 2005 - 16:27:31 EST

On Mon 07-03-05 23:30:57, Jack O'Quin wrote:
> Andrew Morton <akpm@xxxxxxxx> writes:
> > Matt Mackall <mpm@xxxxxxxxxxx> wrote:
> >>
> >> I think Chris Wright's last rlimit patch is more sensible and ready to
> >> go.
> >
> > I must say that I like rlimits - very straightforward, although somewhat
> > awkward to use from userspace due to shortsighted shell design.
> >
> > Does anyone have serious objections to this approach?
> 1. is likely to introduce multiuser system security holes like the one
> created recently when the mlock() rlimits bug was fixed (DoS attacks)

Default is unchanged and you claim your boxes are single-user-a-time,

> 2. requires updates to all the shells

No. Just set it during login.

> 3. forces Windows and Mac musicians to learn and understand PAM

While you force them to mess with security modules. I'd say thats and improvement.
And "understanding PAM" in this case means updating two files, adding one
line to each.

> 4. is undocumented and has never been tested in any real music studios

So write the docs and test it.

64 bytes from icmp_seq=28 ttl=51 time=448769.1 ms

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at