    oom_kill: remove uid==0 checks · 97829955
    Serge E. Hallyn authored
    Root processes are considered more important when out of memory and killing
    processes.  The check for CAP_SYS_ADMIN was augmented with a check for
    uid==0 or euid==0.
    
    There are several possible ways to look at this:
    
    	1. uid comparisons are unnecessary, trust CAP_SYS_ADMIN
    	   alone.  However CAP_SYS_RESOURCE is the one that really
    	   means "give me extra resources" so allow for that as
    	   well.
    	2. Any privileged code should be protected, but uid is not
    	   an indication of privilege.  So we should check whether
    	   any capabilities are raised.
    	3. uid==0 makes processes on the host as well as in containers
    	   more important, so we should keep the existing checks.
    	4. uid==0 makes processes only on the host more important,
    	   even without any capabilities.  So we should be keeping
    	   the (uid==0||euid==0) check but only when
    	   userns==&init_user_ns.
    
    I'm following number 1 here.
    Signed-off-by: Serge Hallyn <serue@us.ibm.com>
    Cc: Andrew Morgan <morgan@kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
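The four options in the commit message differ only in which identity facts (uid, euid, effective capabilities, user namespace) make a task "protected" for OOM purposes. The following userspace model, added here as an illustration and not taken from the kernel or from this commit, encodes each option as a predicate and runs them over a few constructed tasks so the differences are visible side by side. The capability bit values, the `task_model` struct and the `MODEL_CAP_*` names are assumptions for this model; the real `oom_kill.c` code path and the badness adjustment it applies are not reproduced.

```c
/* Added example: a userspace model of the four OOM-protection policies listed
 * in the commit message. Not kernel code; capability bits and task fields are
 * assumptions made for this model only. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical capability bit positions for the model (not kernel values). */
enum {
    MODEL_CAP_SYS_ADMIN    = 1u << 0,
    MODEL_CAP_SYS_RESOURCE = 1u << 1,
    MODEL_CAP_NET_ADMIN    = 1u << 2,
};

/* Minimal stand-in for the task fields the four options consult. */
struct task_model {
    const char *name;
    unsigned    uid, euid;
    uint32_t    cap_effective;   /* bitmask of MODEL_CAP_* */
    bool        in_init_userns;  /* true when userns == &init_user_ns */
};

/* Numbered to match the options in the commit message. */
enum policy {
    POLICY_CAPS_ONLY     = 1, /* CAP_SYS_ADMIN or CAP_SYS_RESOURCE, ignore uid */
    POLICY_ANY_CAP       = 2, /* any raised capability, ignore uid */
    POLICY_UID_ANYWHERE  = 3, /* existing check: CAP_SYS_ADMIN || uid==0 || euid==0 */
    POLICY_UID_HOST_ONLY = 4, /* uid/euid==0 only counts in the initial userns */
};

/* Returns true if the task would be treated as "more important" (spared
 * first) under the given policy. */
static bool oom_protected(const struct task_model *t, enum policy p)
{
    bool root_id = (t->uid == 0 || t->euid == 0);
    bool sys_admin = (t->cap_effective & MODEL_CAP_SYS_ADMIN) != 0;

    switch (p) {
    case POLICY_CAPS_ONLY:
        return (t->cap_effective &
                (MODEL_CAP_SYS_ADMIN | MODEL_CAP_SYS_RESOURCE)) != 0;
    case POLICY_ANY_CAP:
        return t->cap_effective != 0;
    case POLICY_UID_ANYWHERE:
        return sys_admin || root_id;
    case POLICY_UID_HOST_ONLY:
        return sys_admin || (root_id && t->in_init_userns);
    }
    return false;
}

/* Constructed sample tasks chosen to separate the four policies. */
static const struct task_model sample_tasks[] = {
    { "host-root-nocaps",      0,    0,    0,                      true  },
    { "container-root-nocaps", 0,    0,    0,                      false },
    { "user-sys-resource",     1000, 1000, MODEL_CAP_SYS_RESOURCE, true  },
    { "user-net-admin-only",   1000, 1000, MODEL_CAP_NET_ADMIN,    true  },
    { "user-nocaps",           1000, 1000, 0,                      true  },
};
#define N_SAMPLE_TASKS (sizeof(sample_tasks) / sizeof(sample_tasks[0]))

/* Number of sample tasks a policy would protect; useful for comparing how
 * broad each option is. */
static int count_protected(enum policy p)
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLE_TASKS; i++)
        if (oom_protected(&sample_tasks[i], p))
            n++;
    return n;
}

int main(void)
{
    printf("%-24s %s %s %s %s\n", "task", "p1", "p2", "p3", "p4");
    for (size_t i = 0; i < N_SAMPLE_TASKS; i++) {
        const struct task_model *t = &sample_tasks[i];
        printf("%-24s %2d %2d %2d %2d\n", t->name,
               oom_protected(t, POLICY_CAPS_ONLY),
               oom_protected(t, POLICY_ANY_CAP),
               oom_protected(t, POLICY_UID_ANYWHERE),
               oom_protected(t, POLICY_UID_HOST_ONLY));
    }
    return 0;
}
```

Running the model shows the practical point behind option 1: a root-owned process in a container with no capabilities is protected only under option 3, while a non-root task holding CAP_SYS_RESOURCE is protected under options 1 and 2 but not under the existing uid-based check.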
Changed file: oom_kill.c (13.1 KB)