Re: [patch 11/54] mm: introduce memfd_secret system call to create "secret" memory areas

On Wed, Jul 7, 2021 at 10:22 PM Mike Rapoport <rppt@xxxxxxxxxxxxx> wrote:
>
> This feature is off by default and should be explicitly enabled by a system
> administrator.

I really don't think that matters, since people would go "oh, I want
secretmem" without being aware of the consequences.

But:

> When it is enabled, a user cannot exceed RLIMIT_MEMLOCK.

I had missed that, even though it was mentioned in the long commit
description. I just read the patch, and was looking at the
secretmem_file_create() and missed how the limit was there in the
mmap path.

So I'm fine with this.

I still suspect that the "don't hibernate" should maybe at least alert
the sysadmin about *why* the hibernate failed, but let's see if that
ends up being an actual problem.

                 Linus


