Svante Signell, on Wed 15 Oct 2014 10:56:41 +0200, wrote:
> On Wed, 2014-10-15 at 10:06 +0200, Samuel Thibault wrote:
> > Svante Signell, on Wed 15 Oct 2014 09:57:21 +0200, wrote:
> > > See also https://lists.debian.org/debian-devel/2014/10/msg00201.html for
> > > a discussion on the topic.
> >
> > I can't understand why you proposed to use setuid in order to keep
> > secrets, but oh well.
>
> I did not seriously propose to use setuid,

Well, it did look like you were doing it.

> > To get mlock available to user should be a matter of making gnumach
> > accept vm_wire calls with hostpriv == 0. The amount of such locked
> > memory shall however be accounted and limited. The default on my Linux
> > system is 64KB.
>
> Isn't it dangerous to remove/special case on
>     if (host == HOST_NULL)
>         return KERN_INVALID_HOST;
> in vm_wire.c?

It isn't if the amount of wirable memory is limited, thus my talking
about the limitation.

> And where to place the defaults and ulimit checks, vm_wire.c or
> mlock.c/munlock.c?

In whatever actually does the wiring inside gnumach.

> BTW: ulimit() is obsolete, one should use getrlimit() and setrlimit()
> nowadays, according to the manpage.

I didn't talk about ulimit() but ulimit -l, which does use
getrlimit()/setrlimit().

Samuel
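
An added example, not part of the original message and not gnumach code: a user-space model of the accounting the reply calls for, where a request without host privilege is charged in whole pages against a per-task cap and a privileged request is not. The names `wire_acct`, `wire_charge` and `wire_uncharge` are hypothetical, the 4096-byte page size is an assumption, and the 64KB cap is the Linux default quoted in the message.

```c
#include <stddef.h>
#include <stdint.h>

#define PAGE_SZ 4096u                    /* assumed page size */
#define WIRE_LIMIT_DEFAULT (64u * 1024u) /* 64KB, the default quoted in the message */

enum wire_rc { WIRE_OK, WIRE_OVER_LIMIT, WIRE_BAD_RANGE };

/* Hypothetical per-task accounting record. */
struct wire_acct {
    size_t wired;   /* bytes currently charged to the task */
    size_t limit;   /* cap applied to unprivileged requests */
};

/* Expand [addr, addr+len) to whole pages; 0 means empty or overflowing. */
static size_t wire_span(uintptr_t addr, size_t len)
{
    uintptr_t start = addr & ~(uintptr_t)(PAGE_SZ - 1);
    uintptr_t end;
    if (len == 0 || addr > UINTPTR_MAX - len)
        return 0;
    end = addr + len;
    if (end > UINTPTR_MAX - (PAGE_SZ - 1))
        return 0;
    end = (end + PAGE_SZ - 1) & ~(uintptr_t)(PAGE_SZ - 1);
    return (size_t)(end - start);
}

/* Charge a wire request; privileged != 0 models a valid host-priv port.
 * Simplification: charges per request, so re-wiring a page counts twice;
 * a kernel would track this per page. */
enum wire_rc wire_charge(struct wire_acct *a, int privileged,
                         uintptr_t addr, size_t len)
{
    size_t span = wire_span(addr, len);
    if (span == 0)
        return WIRE_BAD_RANGE;
    if (!privileged) {
        /* Compare against the remaining budget to avoid overflow. */
        if (a->wired > a->limit || span > a->limit - a->wired)
            return WIRE_OVER_LIMIT;
        a->wired += span;
    }
    return WIRE_OK;
}

/* Release a charge taken by an earlier unprivileged request. */
void wire_uncharge(struct wire_acct *a, uintptr_t addr, size_t len)
{
    size_t span = wire_span(addr, len);
    a->wired -= (span > a->wired) ? a->wired : span;
}
```

A rejected request leaves the counter unchanged, so a task that hits the cap can still unwire and retry.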