Date: Sat, 12 Apr 2008 13:38:38 -0400 From: Joe Marcus Clarke <marcus@marcuscom.com> To: Coleman Kane <cokane@freebsd.org> Cc: gnome@freebsd.org, imp@freebsd.org Subject: Re: Seahorse issues Message-ID: <1208021918.82222.18.camel@shumai.marcuscom.com> In-Reply-To: <1208018626.10093.7.camel@localhost> References: <47FD09AC.2020907@FreeBSD.org> <1207776230.61729.28.camel@shumai.marcuscom.com> <47FD34E8.2000005@FreeBSD.org> <1207872846.87478.38.camel@shumai.marcuscom.com> <47FF66E3.8000304@FreeBSD.org> <47FF722B.109@FreeBSD.org> <1207929297.55415.13.camel@shumai.marcuscom.com> <1208018626.10093.7.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-XJwDc5/IfVKRl+8Tq9fV Content-Type: multipart/mixed; boundary="=-ZOb9zpGyINZs57Bvw+FQ" --=-ZOb9zpGyINZs57Bvw+FQ Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sat, 2008-04-12 at 12:43 -0400, Coleman Kane wrote: >=20 > As for the mlock() privilege issue, I am not sure what we'll do about > that. It would be nice, at some point, to support that feature for > normal users. As long as I'm diligent about my swap-space, etc... and > access to my workstation, I'm *pretty* secure. Things like common-use > lab computers, etc... are probably more appropriate for this feature. Since we already have an rlimit for locked memory (RLIMIT_MEMLOCK), and it is used by the mlock(2) syscall, what about the attached patch to add a sysctl to control user access to mlock (but not allowing mlockall(2))? This has been tested to fix the gnome-keyring issue when the sysctl is set to 1. If this is agreeable, I can add some manpage docs as well. Joe --=20 PGP Key : http://www.marcuscom.com/pgp.asc --=-ZOb9zpGyINZs57Bvw+FQ Content-Disposition: attachment; filename=vm_mmap.c.diff Content-Type: text/x-patch; name=vm_mmap.c.diff; charset=ISO-8859-1 Content-Transfer-Encoding: base64 LS0tIHNyYy9zeXMvdm0vdm1fbW1hcC5jLm9yaWcJMjAwOC0wNC0xMiAxMzoxMTo1NC4wMDAwMDAw MDAgLTA0MDANCisrKyBzcmMvc3lzL3ZtL3ZtX21tYXAuYwkyMDA4LTA0LTEyIDEzOjE2OjIwLjAw MDAwMDAwMCAtMDQwMA0KQEAgLTk1LDYgKzk1LDEwIEBAIHN0cnVjdCBzYnJrX2FyZ3Mgew0KIHN0 YXRpYyBpbnQgbWF4X3Byb2NfbW1hcDsNCiBTWVNDVExfSU5UKF92bSwgT0lEX0FVVE8sIG1heF9w cm9jX21tYXAsIENUTEZMQUdfUlcsICZtYXhfcHJvY19tbWFwLCAwLCAiIik7DQogDQorc3RhdGlj IGludCB1bnByaXZpbGVnZWRfbWxvY2sgPSAwOw0KK1NZU0NUTF9JTlQoX3NlY3VyaXR5X2JzZCwg T0lEX0FVVE8sIHVucHJpdmlsZWdlZF9tbG9jaywgQ1RMRkxBR19SVywNCisgICAgJnVucHJpdmls ZWdlZF9tbG9jaywgMCwgIlVucHJpdmlsZWdlZCBwcm9jZXNzZXMgbWF5IHVzZSBtbG9jayIpOw0K Kw0KIC8qDQogICogU2V0IHRoZSBtYXhpbXVtIG51bWJlciBvZiB2bV9tYXBfZW50cnkgc3RydWN0 dXJlcyBwZXIgcHJvY2Vzcy4gIFJvdWdobHkNCiAgKiBzcGVha2luZyB2bV9tYXBfZW50cnkgc3Ry dWN0dXJlcyBhcmUgdGlueSwgc28gYWxsb3dpbmcgdGhlbSB0byBlYXQgMS8xMDANCkBAIC05ODQs OSArOTg4LDExIEBAIG1sb2NrKHRkLCB1YXApDQogCXZtX3NpemVfdCBucGFnZXMsIHNpemU7DQog CWludCBlcnJvcjsNCiANCi0JZXJyb3IgPSBwcml2X2NoZWNrKHRkLCBQUklWX1ZNX01MT0NLKTsN Ci0JaWYgKGVycm9yKQ0KLQkJcmV0dXJuIChlcnJvcik7DQorCWlmICghdW5wcml2aWxlZ2VkX21s b2NrKSB7DQorCQllcnJvciA9IHByaXZfY2hlY2sodGQsIFBSSVZfVk1fTUxPQ0spOw0KKwkJaWYg KGVycm9yKQ0KKwkJCXJldHVybiAoZXJyb3IpOw0KKwl9DQogCWFkZHIgPSAodm1fb2Zmc2V0X3Qp dWFwLT5hZGRyOw0KIAlzaXplID0gdWFwLT5sZW47DQogCWxhc3QgPSBhZGRyICsgc2l6ZTsNCg== --=-ZOb9zpGyINZs57Bvw+FQ-- --=-XJwDc5/IfVKRl+8Tq9fV Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (FreeBSD) iEYEABECAAYFAkgA854ACgkQb2iPiv4Uz4ePvQCfRGhxroJx4Qvi/En693n/Oqd+ KZIAni+9wGtSUbPo5HMA4lJ83iLVWWBN =xVWV -----END PGP SIGNATURE----- --=-XJwDc5/IfVKRl+8Tq9fV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1208021918.82222.18.camel>