On Mon, 2 Mar 2015 09:20:32 -0800 Jeff Vander Stoep <jeffv@xxxxxxxxxx> wrote: > A userspace call to mmap(MAP_LOCKED) may result in the successful > locking of memory while also producing a confusing audit log denial. > can_do_mlock checks capable and rlimit. If either of these return > positive can_do_mlock returns true. The capable check leads to an LSM > hook used by apparmour and selinux which produce the audit denial. > Reordering so rlimit is checked first eliminates the denial on success, > only recording a denial when the lock is unsuccessful as a result of > the denial. I'm assuming that this is a minor issue - a bogus audit log, no other consequences. And based on this I queued the patch for 4.0 with no -stable backport. All of this might have been wrong - the changelog wasn't very helpful in making such decisions (hint). -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>