The oomkiller calculations make decisions based on capabilities. Since

these are not security decisions and LSMs should not record if they fall
the request they should use the new has_capability_noaudit() interface so
the denials will not be recorded.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Eric Paris 2008-11-11 22:02:54 +11:00 committed by James Morris
parent 06112163f5
commit a2f2945a99

View file

@ -129,8 +129,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
* Superuser processes are usually more important, so we make it
* less likely that we kill those.
*/
if (has_capability(p, CAP_SYS_ADMIN) ||
has_capability(p, CAP_SYS_RESOURCE))
if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||
has_capability_noaudit(p, CAP_SYS_RESOURCE))
points /= 4;
/*
@ -139,7 +139,7 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
* tend to only have this flag set on applications they think
* of as important.
*/
if (has_capability(p, CAP_SYS_RAWIO))
if (has_capability_noaudit(p, CAP_SYS_RAWIO))
points /= 4;
/*