On Wed, Jun 25, 2014 at 6:43 AM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote: > On 06/24, Kees Cook wrote: >> >> --- a/include/linux/sched.h >> +++ b/include/linux/sched.h >> @@ -1307,8 +1307,7 @@ struct task_struct { >> * execve */ >> unsigned in_iowait:1; >> >> - /* task may not gain privileges */ >> - unsigned no_new_privs:1; >> + unsigned long atomic_flags; /* Flags needing atomic access. */ >> >> /* Revert to default priority/policy when forking */ >> unsigned sched_reset_on_fork:1; > > Agreed, personally I like it more than seccomp->flags. > > But probably it would be better to place the new member before/after > other bitfields to save the space? Sure, I'll move it down. (Though I thought the compiler was smarter about that.) -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html