Re: [PATCH bpf] bpf: respect CAP_IPC_LOCK in RLIMIT_MEMLOCK check

2019-09-16 Thread Alexei Starovoitov
On Mon, Sep 16, 2019 at 07:09:06AM -0700, Christian Barcenas wrote:
> bpf() is currently the only exception to the above, ie. as far as I can tell
> it is the only code that enforces RLIMIT_MEMLOCK but does not honor
> CAP_IPC_LOCK.
Yes. bpf is not honoring CAP_IPC_LOCK comparing to other place

Re: [PATCH bpf] bpf: respect CAP_IPC_LOCK in RLIMIT_MEMLOCK check

2019-09-16 Thread Christian Barcenas
On 9/11/19 8:18 PM, Christian Barcenas wrote: A process can lock memory addresses into physical RAM explicitly (via mlock, mlockall, shmctl, etc.) or implicitly (via VFIO, perf ring-buffers, bpf maps, etc.), subject to RLIMIT_MEMLOCK limits. CAP_IPC_LOCK allows a process to exceed these limits,

Re: [PATCH bpf] bpf: respect CAP_IPC_LOCK in RLIMIT_MEMLOCK check

2019-09-16 Thread Daniel Borkmann
On 9/11/19 8:18 PM, Christian Barcenas wrote: A process can lock memory addresses into physical RAM explicitly (via mlock, mlockall, shmctl, etc.) or implicitly (via VFIO, perf ring-buffers, bpf maps, etc.), subject to RLIMIT_MEMLOCK limits. CAP_IPC_LOCK allows a process to exceed these limits,

Re: [PATCH bpf] bpf: respect CAP_IPC_LOCK in RLIMIT_MEMLOCK check

2019-09-13 Thread Yonghong Song
On 9/11/19 7:18 PM, Christian Barcenas wrote:
> A process can lock memory addresses into physical RAM explicitly
> (via mlock, mlockall, shmctl, etc.) or implicitly (via VFIO,
> perf ring-buffers, bpf maps, etc.), subject to RLIMIT_MEMLOCK limits.
>
> CAP_IPC_LOCK allows a process to exceed thes

[PATCH bpf] bpf: respect CAP_IPC_LOCK in RLIMIT_MEMLOCK check

2019-09-11 Thread Christian Barcenas
A process can lock memory addresses into physical RAM explicitly (via mlock, mlockall, shmctl, etc.) or implicitly (via VFIO, perf ring-buffers, bpf maps, etc.), subject to RLIMIT_MEMLOCK limits. CAP_IPC_LOCK allows a process to exceed these limits, and throughout the kernel this capability is che