https://bugzilla.novell.com/show_bug.cgi?id=205752 Summary: EPERM not returned by mlock when the calling process has no privilege Product: SUSE Linux 10.1 Version: Final Platform: i386 OS/Version: SuSE Linux 10.1 Status: NEW Severity: Normal Priority: P5 - None Component: Kernel AssignedTo: kernel-maintainers@forge.provo.novell.com ReportedBy: yxu@novell.com QAContact: qa@suse.de While working on LTP: testcases/open_posix_testsuite/conformance/interfaces/mlock/12_1.c, from the test intention, mlock should fail with EPERM if the calling process does not have the appropriate privilege to perform the requested operation as written in POSIX. But EPERM is not returned, so I think it was not implemented in linux/mm/mlock.c file. I modified mm/mlock.c file, then built a new kernel and test it again with the new kernel, and the test PASS. Here is the patch: --- /usr/src/linux/mm/mlock.c.orig 2006-09-14 16:49:01.000000000 +0200 +++ /usr/src/linux/mm/mlock.c 2006-09-14 15:08:24.000000000 +0200 @@ -130,6 +130,9 @@ asmlinkage long sys_mlock(unsigned long if (!can_do_mlock()) return -EPERM; + if (!capable(CAP_IPC_LOCK)) + return -EPERM; + down_write(¤t->mm->mmap_sem); len = PAGE_ALIGN(len + (start & ~PAGE_MASK)); start &= PAGE_MASK; @@ -196,6 +199,9 @@ asmlinkage long sys_mlockall(int flags) if (!can_do_mlock()) goto out; + if (!capable(CAP_IPC_LOCK)) + goto out; + down_write(¤t->mm->mmap_sem); lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur; mlock-EPERM.patch lines 1-22/22 (END) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.