diff options
author | Eric Paris <eparis@redhat.com> | 2008-11-11 06:02:54 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-11 06:02:54 -0500 |
commit | a2f2945a99057c7d44043465906c6bb63c3368a0 (patch) | |
tree | b7edb1a346217a2b27d25ea72cc652065877e45a | |
parent | 06112163f5fd9e491a7f810443d81efa9d88e247 (diff) |
The oomkiller calculations make decisions based on capabilities. Since
these are not security decisions and LSMs should not record if they fall
the request they should use the new has_capability_noaudit() interface so
the denials will not be recorded.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | mm/oom_kill.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 64e5b4bcd964..34a458aa7997 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c | |||
@@ -129,8 +129,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime) | |||
129 | * Superuser processes are usually more important, so we make it | 129 | * Superuser processes are usually more important, so we make it |
130 | * less likely that we kill those. | 130 | * less likely that we kill those. |
131 | */ | 131 | */ |
132 | if (has_capability(p, CAP_SYS_ADMIN) || | 132 | if (has_capability_noaudit(p, CAP_SYS_ADMIN) || |
133 | has_capability(p, CAP_SYS_RESOURCE)) | 133 | has_capability_noaudit(p, CAP_SYS_RESOURCE)) |
134 | points /= 4; | 134 | points /= 4; |
135 | 135 | ||
136 | /* | 136 | /* |
@@ -139,7 +139,7 @@ unsigned long badness(struct task_struct *p, unsigned long uptime) | |||
139 | * tend to only have this flag set on applications they think | 139 | * tend to only have this flag set on applications they think |
140 | * of as important. | 140 | * of as important. |
141 | */ | 141 | */ |
142 | if (has_capability(p, CAP_SYS_RAWIO)) | 142 | if (has_capability_noaudit(p, CAP_SYS_RAWIO)) |
143 | points /= 4; | 143 | points /= 4; |
144 | 144 | ||
145 | /* | 145 | /* |