* Matt Mackall <[EMAIL PROTECTED]> wrote:
> Here's Chris' patch for reference:
>
> http://groups-beta.google.com/group/linux.kernel/msg/6408569e13ed6e80
how does this patch solve the separation of 'negative nice values' and
'RT priority rlimits'? In one piece of code it handles the rlimit value
as a 0-39 nice value, in another place it handles it as a limit for a
1-100 RT priority range. The two ranges overlap and have nothing to do
with each other. [*]
anyway, as long as it doesnt touch the scheduler runtime code (and it
doesnt), both types of solutions are fine to me - it's basically the
security-subsystem people's call.
if the patch solves the negative-nice-value and the RT-priority issues
at once, then it indeed looks more flexible (and more generic) than the
LSM solution. [**]
Ingo
[*] one acceptable way to 'merge' the two priority ranges would be to
introduce a unified priority range of 0-139: 0-39 would be for nice
values while 40-139 would be for RT priorities 1-99. NOTE: due to
rlimit semantics (users can always lower them without any security
checks), value 39 _must_ denote nice -20 and value 0 must denote
nice +19. I.e. it must strictly in increasing priority order.
[**] in fact, the 'Gnome problem' wrt. suid/gid binaries would be solved
via the rlimit too.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
