On Tue, Feb 20, 2007 at 05:15:19PM +0100, Marco Pesenti Gritti wrote: > On Tue, 2007-02-20 at 21:28 +0530, Joshua N Pritikin wrote: > > On Mon, Feb 19, 2007 at 01:51:07PM +0100, Marco Pesenti Gritti wrote: > > > Is /proc/pid/oom_adj supposed to be user writable? > > > > It needs capable(CAP_SYS_RESOURCE). Is OLPC going to employ SELinux or > > somesuch for Bitfrost? If not then some kind of mini-server running as > > root will be needed to traverse the security barrier. > > We already have that (hardwaremanager on dev.laptop.org).
Can any process connect to hardwaremanager? If so, then oom_adj needs to be somewhere else. A malicious process could set oom_adj such that the next process to die is sugar. Only sugar should have access to set oom_adj. > Though I think functionality which is generic and fit in HAL should just > go there (less code for us to maintain). I have no idea if oom_adj fits > in HAL. Doesn't HAL just issue events and load kernel modules? I don't think oom_adj belongs in HAL. The way bcron handles this kind of thing is as follows: 1. bcron starts as root 2. creates a pipe 3. forks a child to read the pipe 4. the parent switches to the bcron user 5. whenever the parent needs to execute a job, it writes the details to the pipe Sugar could do something similar with the child only able to set oom_adj. _______________________________________________ Sugar mailing list [email protected] http://mailman.laptop.org/mailman/listinfo/sugar
