The oomkiller calculations make decisions based on capabilities. Since

these are not security decisions and LSMs should not record if they fall the request they should use the new has_capability_noaudit() interface so the denials will not be recorded. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
author: Eric Paris <eparis@redhat.com> 2008-11-11 06:02:54 -0500
committer: James Morris <jmorris@namei.org> 2008-11-11 06:02:54 -0500
commit: a2f2945a99057c7d44043465906c6bb63c3368a0 (patch)
tree: b7edb1a346217a2b27d25ea72cc652065877e45a /mm
parent: 06112163f5fd9e491a7f810443d81efa9d88e247 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 64e5b4bcd964..34a458aa7997 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -129,8 +129,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
         * Superuser processes are usually more important, so we make it
         * less likely that we kill those.
         */
-        if (has_capability(p, CAP_SYS_ADMIN) ||
+        if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||
-            has_capability(p, CAP_SYS_RESOURCE))
+            has_capability_noaudit(p, CAP_SYS_RESOURCE))
                points /= 4;
        /*
@@ -139,7 +139,7 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
         * tend to only have this flag set on applications they think
         * of as important.
         */
-        if (has_capability(p, CAP_SYS_RAWIO))
+        if (has_capability_noaudit(p, CAP_SYS_RAWIO))
                points /= 4;
        /*
author	Eric Paris <eparis@redhat.com>	2008-11-11 06:02:54 -0500
committer	James Morris <jmorris@namei.org>	2008-11-11 06:02:54 -0500
commit	a2f2945a99057c7d44043465906c6bb63c3368a0 (patch)
tree	b7edb1a346217a2b27d25ea72cc652065877e45a /mm
parent	06112163f5fd9e491a7f810443d81efa9d88e247 (diff)

diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 64e5b4bcd964..34a458aa7997 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c
@@ -129,8 +129,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
129	* Superuser processes are usually more important, so we make it	129	* Superuser processes are usually more important, so we make it
130	* less likely that we kill those.	130	* less likely that we kill those.
131	*/	131	*/
132	if (has_capability(p, CAP_SYS_ADMIN) \|\|	132	if (has_capability_noaudit(p, CAP_SYS_ADMIN) \|\|
133	has_capability(p, CAP_SYS_RESOURCE))	133	has_capability_noaudit(p, CAP_SYS_RESOURCE))
134	points /= 4;	134	points /= 4;
135		135
136	/*	136	/*
@@ -139,7 +139,7 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
139	* tend to only have this flag set on applications they think	139	* tend to only have this flag set on applications they think
140	* of as important.	140	* of as important.
141	*/	141	*/
142	if (has_capability(p, CAP_SYS_RAWIO))	142	if (has_capability_noaudit(p, CAP_SYS_RAWIO))
143	points /= 4;	143	points /= 4;
144		144
145	/*	145	/*