The patch titled oom_kill: remove uid==0 checks has been added to the -mm tree. Its filename is oom_kill-remove-uid==0-checks.patch *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this ------------------------------------------------------ Subject: oom_kill: remove uid==0 checks From: "Serge E. Hallyn" <serue@xxxxxxxxxx> Root processes are considered more important when out of memory and killing proceses. The check for CAP_SYS_ADMIN was augmented with a check for uid==0 or euid==0. There are several possible ways to look at this: 1. uid comparisons are unnecessary, trust CAP_SYS_ADMIN alone. However CAP_SYS_RESOURCE is the one that really means "give me extra resources" so allow for that as well. 2. Any privileged code should be protected, but uid is not an indication of privilege. So we should check whether any capabilities are raised. 3. uid==0 makes processes on the host as well as in containers more important, so we should keep the existing checks. 4. uid==0 makes processes only on the host more important, even without any capabilities. So we should be keeping the (uid==0||euid==0) check but only when userns==&init_user_ns. I'm following number 1 here. Signed-off-by: Serge Hallyn <serue@xxxxxxxxxx> Cc: Andrew Morgan <morgan@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/oom_kill.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/oom_kill.c~oom_kill-remove-uid==0-checks mm/oom_kill.c --- a/mm/oom_kill.c~oom_kill-remove-uid==0-checks +++ a/mm/oom_kill.c @@ -125,7 +125,7 @@ unsigned long badness(struct task_struct * Superuser processes are usually more important, so we make it * less likely that we kill those. */ - if (__capable(p, CAP_SYS_ADMIN) || p->uid == 0 || p->euid == 0) + if (__capable(p, CAP_SYS_ADMIN) || __capable(p, CAP_SYS_RESOURCE)) points /= 4; /* _ Patches currently in -mm which might be from serue@xxxxxxxxxx are git-agpgart.patch git-net.patch git-unionfs.patch vfs-security-rework-inode_getsecurity-and-callers-to.patch vfs-reorder-vfs_getxattr-to-avoid-unnecessary-calls-to-the-lsm.patch revert-capabilities-clean-up-file-capability-reading.patch revert-capabilities-clean-up-file-capability-reading-checkpatch-fixes.patch add-64-bit-capability-support-to-the-kernel.patch add-64-bit-capability-support-to-the-kernel-checkpatch-fixes.patch add-64-bit-capability-support-to-the-kernel-fix.patch add-64-bit-capability-support-to-the-kernel-fix-fix.patch add-64-bit-capability-support-to-the-kernel-fix-modify-old-libcap-warning-message.patch add-64-bit-capability-support-to-the-kernel-fix-modify-old-libcap-warning-message-checkpatch-fixes.patch add-64-bit-capability-support-to-the-kernel-fix-modify-old-libcap-warning-message-fix.patch 64bit-capability-support-legacy-support-fix.patch add-64-bit-capability-support-to-the-kernel-capabilities-export-__cap_-symbols.patch capabilities-introduce-per-process-capability-bounding-set.patch capabilities-introduce-per-process-capability-bounding-set-capabilities-correct-logic-at-capset_check.patch oom_kill-remove-uid==0-checks.patch smack-using-capabilities-32-and-33.patch smack-using-capabilities-32-and-33-update-cap_last_cap-to-reflect-cap_mac_admin.patch r-o-bind-mounts-stub-functions.patch r-o-bind-mounts-do_rmdir-elevate-write-count.patch add-the-namespaces-config-option.patch move-the-uts-namespace-under-uts_ns-option.patch move-the-ipc-namespace-under-ipc_ns-option.patch cleanup-the-code-managed-with-the-user_ns-option.patch cleanup-the-code-managed-with-pid_ns-option.patch mark-net_ns-with-depends-on-namespaces.patch proc-seqfile-convert-proc_pid_status-to-properly-handle-pid-namespaces.patch proc-seqfile-convert-proc_pid_status-to-properly-handle-pid-namespaces-checkpatch-fixes.patch reiser4-replace-uid==0-check-with-capability.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html