On Wed, Jun 25, 2014 at 6:43 AM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> On 06/24, Kees Cook wrote:
>>
>> --- a/include/linux/sched.h
>> +++ b/include/linux/sched.h
>> @@ -1307,8 +1307,7 @@ struct task_struct {
>> * execve */
>> unsigned in_iowait:1;
>>
>> - /* task may not gain privileges */
>> - unsigned no_new_privs:1;
>> + unsigned long atomic_flags; /* Flags needing atomic access. */
>>
>> /* Revert to default priority/policy when forking */
>> unsigned sched_reset_on_fork:1;
>
> Agreed, personally I like it more than seccomp->flags.
>
> But probably it would be better to place the new member before/after
> other bitfields to save the space?

Sure, I'll move it down. (Though I thought the compiler was smarter about
that.)

-Kees

--
Kees Cook
Chrome OS Security
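Review bot: the new `unsigned long atomic_flags` lands between the `in_iowait:1` and `sched_reset_on_fork:1` bitfields, splitting what was one packed run of bits; C compilers never reorder struct members, so the first bitfield storage unit is closed, padding is added up to the long's alignment, and `sched_reset_on_fork` opens a fresh storage unit after it, so this placement costs an extra bitfield unit plus padding on top of the long itself. Move the member above or below the whole bitfield run, as Oleg suggests. The hunk also drops the `/* task may not gain privileges */` comment together with `no_new_privs` but shows neither where the replacement bit is defined nor how the field is to be accessed; the comment on `atomic_flags` should point at the bit definitions and say that the field is only touched through atomic bitops (set_bit/test_bit style), since that requirement is the whole reason it is an `unsigned long` rather than a bitfield.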
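The space argument Oleg raises, and the atomic-access motivation behind the field, as an added example that is not part of the thread and not the kernel's task_struct or accessors. The two structs mirror the field names in the posted hunk so the layouts are comparable; the bit number and the flag_set/flag_test helpers are assumptions for this illustration and use GCC/Clang atomic builtins rather than the kernel's set_bit()/test_bit():

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration: not the kernel's task_struct. The field names
 * mirror the posted hunk; everything else here is an assumption. */

/* Layout as posted: the unsigned long is inserted between two single-bit
 * bitfields. The compiler does not reorder members, so it closes the first
 * bitfield storage unit, pads up to the long's alignment, and then has to
 * start a fresh storage unit for sched_reset_on_fork. */
struct task_between {
	unsigned in_iowait:1;
	unsigned long atomic_flags;
	unsigned sched_reset_on_fork:1;
};

/* Layout Oleg suggests: keep the bitfields adjacent so they share one
 * storage unit, and place the long after the run. */
struct task_after {
	unsigned in_iowait:1;
	unsigned sched_reset_on_fork:1;
	unsigned long atomic_flags;
};

size_t size_between(void) { return sizeof(struct task_between); }
size_t size_after(void)   { return sizeof(struct task_after); }

/* Bytes the "between" placement costs over the "after" placement. */
size_t bytes_wasted(void) { return size_between() - size_after(); }

/* Assumed bit number inside atomic_flags (example only). */
#define EXAMPLE_NO_NEW_PRIVS_BIT 0

/* Atomic bit operations on the unsigned long. Because atomic_flags is a
 * whole storage unit of its own, a read-modify-write of one of its bits
 * cannot clobber a concurrent plain store to a neighbouring bitfield, which
 * is the hazard a 1-bit bitfield shares with every other bit in its word. */
static void flag_set(unsigned long *flags, unsigned bit)
{
	__atomic_fetch_or(flags, 1UL << bit, __ATOMIC_SEQ_CST);
}

static int flag_test(unsigned long *flags, unsigned bit)
{
	return (int)((__atomic_load_n(flags, __ATOMIC_SEQ_CST) >> bit) & 1UL);
}

/* Set the assumed no_new_privs bit on a zeroed task and report whether the
 * transition clear -> set was observed through the atomic accessors. */
int demo_no_new_privs(void)
{
	struct task_after t = { 0 };
	int before = flag_test(&t.atomic_flags, EXAMPLE_NO_NEW_PRIVS_BIT);

	flag_set(&t.atomic_flags, EXAMPLE_NO_NEW_PRIVS_BIT);
	return !before && flag_test(&t.atomic_flags, EXAMPLE_NO_NEW_PRIVS_BIT);
}

int main(void)
{
	printf("between: %zu bytes, after: %zu bytes, wasted: %zu bytes\n",
	       size_between(), size_after(), bytes_wasted());
	printf("no_new_privs set and visible: %d\n", demo_no_new_privs());
	return 0;
}
```

On a 64-bit build the "between" layout is 24 bytes and the "after" layout 16, the difference being the second bitfield unit and its padding that the split run forces; on any target the "between" struct is strictly larger, which is the point Oleg makes.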