From: Jochen Roemling <jochen@roemling.net>
To: linux-kernel@vger.kernel.org
Subject: Re: shmget with SHM_HUGETLB flag: Operation not permitted
Date: Fri, 27 Feb 2004 01:02:08 +0100 [thread overview]
Message-ID: <403E8900.4030500@roemling.net> (raw)
In-Reply-To: <1tDgT-4r2-13@gated-at.bofh.it>
Chris Wright wrote:
> * William Lee Irwin III (wli@holomorphy.com) wrote:
>
>>On Thu, Feb 26, 2004 at 11:36:03PM +0100, Jochen Roemling wrote:
>>
>>>How can I grant the permission to use HUGETLB to ordinary users?
>>
>>(a) use the fs which uses fs permissions to grant users permission to
>> fiddle with hugetlb
>>(b) man 2 capset
>
>
> In case that part wasn't clear, it would be CAP_IPC_LOCK capability.
>
Thanks. Capset was the keyword I couldn't remember.
_Background:_
I would like to install Oracle 10g Database on Linux with HUGETLB
support. The oracle binary exits with -EPERM because it is not allowed
to create a shared memory segment with the SHM_HUGETLB flag set.
I installed the libcap2 package (from debian testing) and now have the
tool "setcap" available. I wanted to test this on my example pgm
mentioned in the original post using:
roesrv01~ # setcap CAP_IPC_LOCK a.out
fatal error: Invalid argument
usage: setcap [-q] (-|<caps>) <filename> [ ... (-|<capsN>) <filenameN> ]
using the number "14" instead of the name "CAP_IPC_LOCK" doesn't work
either. I don't have any glue. Do have a simple example for me?
By the way: CAP_IPC_LOCK is only checked in line 508 of ipc/shm.c:
case SHM_LOCK:
case SHM_UNLOCK:
{
/* Allow superuser to lock segment in memory */
/* Should the pages be faulted in here or leave it to user? */
/* need to determine interaction with current->swappable */
if (!capable(CAP_IPC_LOCK)) {
err = -EPERM;
goto out;
}
There is nothing around that says: "Allow this only without HUGETLB".
Are you sure that this capability is my problem?
next parent reply other threads:[~2004-02-27 0:03 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1tCuq-3AH-1@gated-at.bofh.it>
[not found] ` <1tCEo-3Lh-27@gated-at.bofh.it>
[not found] ` <1tDgT-4r2-13@gated-at.bofh.it>
2004-02-27 0:02 ` Jochen Roemling [this message]
[not found] ` <403E87CF.1080409@roemling.net>
2004-02-27 0:06 ` shmget with SHM_HUGETLB flag: Operation not permitted Chris Wright
2004-02-27 0:32 ` Chris Wright
2004-02-27 0:55 ` Jochen Roemling
2004-02-27 1:11 ` William Lee Irwin III
2004-02-27 1:33 ` Jochen Roemling
2004-02-27 2:11 ` William Lee Irwin III
2004-02-29 21:37 ` Jochen Roemling
2004-02-29 22:31 ` William Lee Irwin III
2004-02-27 16:32 ` Zlatko Calusic
2004-02-27 16:35 ` William Lee Irwin III
2004-02-27 16:42 ` Zlatko Calusic
2004-02-27 0:42 ` Wim Coekaerts
[not found] <1tDJX-4Ua-25@gated-at.bofh.it>
[not found] ` <1tDJX-4Ua-27@gated-at.bofh.it>
[not found] ` <1tDJX-4Ua-29@gated-at.bofh.it>
[not found] ` <1tDTE-51P-23@gated-at.bofh.it>
[not found] ` <1tDTE-51P-21@gated-at.bofh.it>
2004-02-27 0:35 ` Jochen Roemling
2004-02-27 0:58 ` William Lee Irwin III
2004-02-26 22:36 Jochen Roemling
2004-02-26 22:52 ` William Lee Irwin III
2004-02-26 23:27 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=403E8900.4030500@roemling.net \
--to=jochen@roemling.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.