[Openais] Re: 2.6.9 kernel oops with openais
Steven Dake
sdake at mvista.com
Fri Oct 29 17:11:54 PDT 2004
What would be preferrable instead of dropping UID when privleged
services are needed? more specifically I need
* CAP_NET_RAW (bindtodevice)
* CAP_SYS_NICE (setscheduler)
* CAP_IPC_LOCK (mlockall)
I had thought about adding the correct code to get these capabilities
but it still requires a start-from-uid0 environment
THanks
-steve
On Fri, 2004-10-29 at 17:01, Chris Wright wrote:
> * Steven Dake (sdake at mvista.com) wrote:
> > The change was that from 2.6.8 to 2.6.9 the rlimit for memlock was
> > changed from infinity to 32k (and at the same time, normal users are now
> > allowed to use mlockall if they dont have alot of memory to mlock). I
> > fixed up the openais code by doing something evil from uid 0 like:
> >
> > struct rlimit rlimit;
> >
> > rlimit.rlim_cur = RLIM_INFINITY;
> > rlimit.rlim_max = RLIM_INFINITY;
> > setrlimit (RLIMIT_MEMLOCK, &rlimit);
>
> Yeah, that'll do it (although, certainly wouldn't hurt to size it
> down ;-). Hopefully most users aren't dropping uid (I doubt it, since
> I hadn't seen this problem pop up before).
>
> thanks,
> -chris
More information about the Openais
mailing list