[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Failing {lib,}gnome-keyring tests: How to make mlock/munlock availab
From: |
Samuel Thibault |
Subject: |
Re: Failing {lib,}gnome-keyring tests: How to make mlock/munlock available to non-root? |
Date: |
Wed, 15 Oct 2014 11:17:38 +0200 |
User-agent: |
Mutt/1.5.21+34 (58baf7c9f32f) (2010-12-30) |
Svante Signell, le Wed 15 Oct 2014 10:56:41 +0200, a écrit :
> On Wed, 2014-10-15 at 10:06 +0200, Samuel Thibault wrote:
> > Svante Signell, le Wed 15 Oct 2014 09:57:21 +0200, a écrit :
> > > See also https://lists.debian.org/debian-devel/2014/10/msg00201.html for
> > > a discussion on the topic.
> >
> > I can't understand why you proposed to use setuid in order to keep
> > secrets, but oh well.
>
> I did not seriously propose to use setuid,
Well, it did look like you were doing it.
> > To get mlock available to user should be a matter of making gnumach
> > accept vm_wire calls with hostpriv == 0. The amount of such locked
> > memory shall however be accounted and limited. The default on my Linux
> > system is 64KB.
>
> Isn't it dangerous to remove/special case on
> if (host == HOST_NULL)
> return KERN_INVALID_HOST;
> in vm_wire.c?
It isn't if the amount of wirable memory is limited, thus my talking
about the limitation.
> And where to place the defaults and ulimit checks, vm_wire.c or
> mlock.c/munlock.c?
In whatever actually does the wiring inside gnumach.
> BTW: ulimit() is obsolete, one should use getrlimit() and setrlimit()
> nowadays, according to the manpage.
I didn't talk about ulimit() but ulimit -l, which does use
getrlimit()/setrlimit().
Samuel