Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a2f2945a authored by Eric Paris's avatar Eric Paris Committed by James Morris
Browse files

The oomkiller calculations make decisions based on capabilities. Since 


these are not security decisions and LSMs should not record if they fall
the request they should use the new has_capability_noaudit() interface so
the denials will not be recorded.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 06112163

mm/oom_kill.c

+3 −3
Original line number Diff line number Diff line
@@ -129,8 +129,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime) 
	 * Superuser processes are usually more important, so we make it

	 * less likely that we kill those.

	 */

	if (has_capability(p, CAP_SYS_ADMIN) ||

	    has_capability(p, CAP_SYS_RESOURCE))

	if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||

	    has_capability_noaudit(p, CAP_SYS_RESOURCE))

		points /= 4;



	/*
@@ -139,7 +139,7 @@ unsigned long badness(struct task_struct *p, unsigned long uptime) 
	 * tend to only have this flag set on applications they think

	 * of as important.

	 */

	if (has_capability(p, CAP_SYS_RAWIO))

	if (has_capability_noaudit(p, CAP_SYS_RAWIO))

		points /= 4;



	/*