diff for duplicates of <4DE4BC64.3040807@jp.fujitsu.com>
diff --git a/a/1.txt b/N1/1.txt
index 8d4c883..70ad53b 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -4,70 +4,3 @@
 >> It is a Fedora-like distro.
 
 So, Does this makes sense?
-
-
-
->From e47fedaa546499fa3d4196753194db0609cfa2e5 Mon Sep 17 00:00:00 2001
-From: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
-Date: Tue, 31 May 2011 18:28:30 +0900
-Subject: [PATCH] oom: use euid instead of CAP_SYS_ADMIN for protection root process
-
-Recently, many userland daemon prefer to use libcap-ng and drop
-all privilege just after startup. Because of (1) Almost privilege
-are necessary only when special file open, and aren't necessary
-read and write. (2) In general, privilege dropping brings better
-protection from exploit when bugs are found in the daemon.
-
-But, it makes suboptimal oom-killer behavior. CAI Qian reported
-oom killer killed some important daemon at first on his fedora
-like distro. Because they've lost CAP_SYS_ADMIN.
-
-Of course, we recommend to drop privileges as far as possible
-instead of keeping them. Thus, oom killer don't have to check
-any capability. It implicitly suggest wrong programming style.
-
-This patch change root process check way from CAP_SYS_ADMIN to
-just euid==0.
-
-Reported-by: CAI Qian <caiqian@redhat.com>
-Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
----
- mm/oom_kill.c | 8 ++++----
- 1 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/mm/oom_kill.c b/mm/oom_kill.c
-index 59eda6e..4e1e8a5 100644
---- a/mm/oom_kill.c
-+++ b/mm/oom_kill.c
-@@ -203,7 +203,7 @@ unsigned long oom_badness(struct task_struct *p, struct mem_cgroup *mem,
- * Root processes get 3% bonus, just like the __vm_enough_memory()
- * implementation used by LSMs.
- */
-- if (protect_root && has_capability_noaudit(p, CAP_SYS_ADMIN)) {
-+ if (protect_root && (task_euid(p) == 0)) {
- if (points >= totalpages / 32)
- points -= totalpages / 32;
- else
-@@ -429,7 +429,7 @@ static void dump_tasks(const struct mem_cgroup *mem, const nodemask_t *nodemask)
- struct task_struct *p;
- struct task_struct *task;
-
-- pr_info("[ pid] ppid uid cap total_vm rss swap score_adj name\n");
-+ pr_info("[ pid] ppid uid euid total_vm rss swap score_adj name\n");
- for_each_process(p) {
- if (oom_unkillable_task(p, mem, nodemask))
- continue;
-@@ -444,9 +444,9 @@ static void dump_tasks(const struct mem_cgroup *mem, const nodemask_t *nodemask)
- continue;
- }
-
-- pr_info("[%6d] %6d %5d %3d %8lu %8lu %8lu %9d %s\n",
-+ pr_info("[%6d] %6d %5d %5d %8lu %8lu %8lu %9d %s\n",
- task_tgid_nr(task), task_tgid_nr(task->real_parent),
-- task_uid(task), has_capability_noaudit(task, CAP_SYS_ADMIN),
-+ task_uid(task), task_euid(task),
- task->mm->total_vm,
- get_mm_rss(task->mm) + task->mm->nr_ptes,
- get_mm_counter(task->mm, MM_SWAPENTS),
--- 
-1.7.3.1
diff --git a/a/content_digest b/N1/content_digest
index f5ca72b..33dd9fd 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -19,73 +19,6 @@ ">>> Which distro are you using now?\n" ">> It is a Fedora-like distro.\n" "\n" - "So, Does this makes sense?\n" - "\n" - "\n" - "\n" - ">From e47fedaa546499fa3d4196753194db0609cfa2e5 Mon Sep 17 00:00:00 2001\n" - "From: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>\n" - "Date: Tue, 31 May 2011 18:28:30 +0900\n" - "Subject: [PATCH] oom: use euid instead of CAP_SYS_ADMIN for protection root process\n" - "\n" - "Recently, many userland daemon prefer to use libcap-ng and drop\n" - "all privilege just after startup. Because of (1) Almost privilege\n" - "are necessary only when special file open, and aren't necessary\n" - "read and write. (2) In general, privilege dropping brings better\n" - "protection from exploit when bugs are found in the daemon.\n" - "\n" - "But, it makes suboptimal oom-killer behavior. CAI Qian reported\n" - "oom killer killed some important daemon at first on his fedora\n" - "like distro. Because they've lost CAP_SYS_ADMIN.\n" - "\n" - "Of course, we recommend to drop privileges as far as possible\n" - "instead of keeping them. Thus, oom killer don't have to check\n" - "any capability. 
It implicitly suggest wrong programming style.\n" - "\n" - "This patch change root process check way from CAP_SYS_ADMIN to\n" - "just euid==0.\n" - "\n" - "Reported-by: CAI Qian <caiqian@redhat.com>\n" - "Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>\n" - "---\n" - " mm/oom_kill.c | 8 ++++----\n" - " 1 files changed, 4 insertions(+), 4 deletions(-)\n" - "\n" - "diff --git a/mm/oom_kill.c b/mm/oom_kill.c\n" - "index 59eda6e..4e1e8a5 100644\n" - "--- a/mm/oom_kill.c\n" - "+++ b/mm/oom_kill.c\n" - "@@ -203,7 +203,7 @@ unsigned long oom_badness(struct task_struct *p, struct mem_cgroup *mem,\n" - " \t * Root processes get 3% bonus, just like the __vm_enough_memory()\n" - " \t * implementation used by LSMs.\n" - " \t */\n" - "-\tif (protect_root && has_capability_noaudit(p, CAP_SYS_ADMIN)) {\n" - "+\tif (protect_root && (task_euid(p) == 0)) {\n" - " \t\tif (points >= totalpages / 32)\n" - " \t\t\tpoints -= totalpages / 32;\n" - " \t\telse\n" - "@@ -429,7 +429,7 @@ static void dump_tasks(const struct mem_cgroup *mem, const nodemask_t *nodemask)\n" - " \tstruct task_struct *p;\n" - " \tstruct task_struct *task;\n" - "\n" - "-\tpr_info(\"[ pid] ppid uid cap total_vm rss swap score_adj name\\n\");\n" - "+\tpr_info(\"[ pid] ppid uid euid total_vm rss swap score_adj name\\n\");\n" - " \tfor_each_process(p) {\n" - " \t\tif (oom_unkillable_task(p, mem, nodemask))\n" - " \t\t\tcontinue;\n" - "@@ -444,9 +444,9 @@ static void dump_tasks(const struct mem_cgroup *mem, const nodemask_t *nodemask)\n" - " \t\t\tcontinue;\n" - " \t\t}\n" - "\n" - "-\t\tpr_info(\"[%6d] %6d %5d %3d %8lu %8lu %8lu %9d %s\\n\",\n" - "+\t\tpr_info(\"[%6d] %6d %5d %5d %8lu %8lu %8lu %9d %s\\n\",\n" - " \t\t\ttask_tgid_nr(task), task_tgid_nr(task->real_parent),\n" - "-\t\t\ttask_uid(task),\thas_capability_noaudit(task, CAP_SYS_ADMIN),\n" - "+\t\t\ttask_uid(task),\ttask_euid(task),\n" - " \t\t\ttask->mm->total_vm,\n" - " \t\t\tget_mm_rss(task->mm) + task->mm->nr_ptes,\n" - " 
\t\t\tget_mm_counter(task->mm, MM_SWAPENTS),\n" - "-- \n" - 1.7.3.1 + So, Does this makes sense? -003ab498dcd7c4f8b80063966f19118bfccdeee6aa85c760446368a423a3a3d3 +ece3b1581761c4e4bd6d47706cf76096ee67e9447b1a46c72e53c9fd45dd965e