From: Jochen Roemling <jochen@roemling.net>
To: linux-kernel@vger.kernel.org
Subject: Re: shmget with SHM_HUGETLB flag: Operation not permitted
Date: Fri, 27 Feb 2004 01:02:08 +0100 [thread overview]
Message-ID: <403E8900.4030500@roemling.net> (raw)
In-Reply-To: <1tDgT-4r2-13@gated-at.bofh.it>
Chris Wright wrote:
> * William Lee Irwin III (wli@holomorphy.com) wrote:
>
>>On Thu, Feb 26, 2004 at 11:36:03PM +0100, Jochen Roemling wrote:
>>
>>>How can I grant the permission to use HUGETLB to ordinary users?
>>
>>(a) use the fs which uses fs permissions to grant users permission to
>> fiddle with hugetlb
>>(b) man 2 capset
>
>
> In case that part wasn't clear, it would be CAP_IPC_LOCK capability.
>
Thanks. Capset was the keyword I couldn't remember.
_Background:_
I would like to install Oracle 10g Database on Linux with HUGETLB
support. The oracle binary exits with -EPERM because it is not allowed
to create a shared memory segment with the SHM_HUGETLB flag set.
I installed the libcap2 package (from debian testing) and now have the
tool "setcap" available. I wanted to test this on my example pgm
mentioned in the original post using:
roesrv01~ # setcap CAP_IPC_LOCK a.out
fatal error: Invalid argument
usage: setcap [-q] (-|<caps>) <filename> [ ... (-|<capsN>) <filenameN> ]
using the number "14" instead of the name "CAP_IPC_LOCK" doesn't work
either. I don't have any glue. Do have a simple example for me?
By the way: CAP_IPC_LOCK is only checked in line 508 of ipc/shm.c:
case SHM_LOCK:
case SHM_UNLOCK:
{
/* Allow superuser to lock segment in memory */
/* Should the pages be faulted in here or leave it to user? */
/* need to determine interaction with current->swappable */
if (!capable(CAP_IPC_LOCK)) {
err = -EPERM;
goto out;
}
There is nothing around that says: "Allow this only without HUGETLB".
Are you sure that this capability is my problem?
next parent reply other threads:[~2004-02-27 0:03 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1tCuq-3AH-1@gated-at.bofh.it>
[not found] ` <1tCEo-3Lh-27@gated-at.bofh.it>
[not found] ` <1tDgT-4r2-13@gated-at.bofh.it>
2004-02-27 0:02 ` Jochen Roemling [this message]
[not found] ` <403E87CF.1080409@roemling.net>
2004-02-27 0:06 ` shmget with SHM_HUGETLB flag: Operation not permitted Chris Wright
2004-02-27 0:32 ` Chris Wright
2004-02-27 0:55 ` Jochen Roemling
2004-02-27 1:11 ` William Lee Irwin III
2004-02-27 1:33 ` Jochen Roemling
2004-02-27 2:11 ` William Lee Irwin III
2004-02-29 21:37 ` Jochen Roemling
2004-02-29 22:31 ` William Lee Irwin III
2004-02-27 16:32 ` Zlatko Calusic
2004-02-27 16:35 ` William Lee Irwin III
2004-02-27 16:42 ` Zlatko Calusic
2004-02-27 0:42 ` Wim Coekaerts
[not found] <1tDJX-4Ua-25@gated-at.bofh.it>
[not found] ` <1tDJX-4Ua-27@gated-at.bofh.it>
[not found] ` <1tDJX-4Ua-29@gated-at.bofh.it>
[not found] ` <1tDTE-51P-23@gated-at.bofh.it>
[not found] ` <1tDTE-51P-21@gated-at.bofh.it>
2004-02-27 0:35 ` Jochen Roemling
2004-02-27 0:58 ` William Lee Irwin III
2004-02-26 22:36 Jochen Roemling
2004-02-26 22:52 ` William Lee Irwin III
2004-02-26 23:27 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=403E8900.4030500@roemling.net \
--to=jochen@roemling.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox