Hi Andrew Morgan, does this patch look reasonable to you?
thanks, -serge >From ed2e7764917fd56d9743630bd7072f67ff30adc2 Mon Sep 17 00:00:00 2001 From: [EMAIL PROTECTED] <[EMAIL PROTECTED](none)> Date: Wed, 26 Dec 2007 15:04:50 -0800 Subject: [PATCH 1/1] capabilities: oom_kill: don't set PF_SUPERPRIV for oom check With 64-bit capabilities came an inadvertent change such that the check for a privileged process, to make it less likely to be killed when out of memory, sets PF_SUPERPRIV, which it did not do before. This patch restores the original behavior of not setting the PF_SUPERPRIV bit when checking for privileged processes. Signed-off-by: [EMAIL PROTECTED] <[EMAIL PROTECTED](none)> --- include/linux/capability.h | 2 ++ mm/oom_kill.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index 7d50ff6..0acdd65 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -490,6 +490,8 @@ extern const kernel_cap_t __cap_init_eff_set; int capable(int cap); int __capable(struct task_struct *t, int cap); +#define CAPABLE_PROBE_ONLY(a,b) (!security_capable(a,b)) + extern long cap_prctl_drop(unsigned long cap); #endif /* __KERNEL__ */ diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 9fd8d5d..cd515f8 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -128,7 +128,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime, * Superuser processes are usually more important, so we make it * less likely that we kill those. */ - if (__capable(p, CAP_SYS_ADMIN) || __capable(p, CAP_SYS_RESOURCE)) + if (CAPABLE_PROBE_ONLY(p, CAP_SYS_ADMIN) || + CAPABLE_PROBE_ONLY(p, CAP_SYS_RESOURCE)) points /= 4; /* -- 1.5.1 - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html