summaryrefslogtreecommitdiff
path: root/mm/oom_kill.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-11-11 14:02:54 +0300
committerJames Morris <jmorris@namei.org>2008-11-11 14:02:54 +0300
commita2f2945a99057c7d44043465906c6bb63c3368a0 (patch)
treeb7edb1a346217a2b27d25ea72cc652065877e45a /mm/oom_kill.c
parent06112163f5fd9e491a7f810443d81efa9d88e247 (diff)
downloadlinux-a2f2945a99057c7d44043465906c6bb63c3368a0.tar.xz
The oomkiller calculations make decisions based on capabilities. Since
these are not security decisions and LSMs should not record if they fall the request they should use the new has_capability_noaudit() interface so the denials will not be recorded. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'mm/oom_kill.c')
-rw-r--r--mm/oom_kill.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 64e5b4bcd964..34a458aa7997 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -129,8 +129,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
* Superuser processes are usually more important, so we make it
* less likely that we kill those.
*/
- if (has_capability(p, CAP_SYS_ADMIN) ||
- has_capability(p, CAP_SYS_RESOURCE))
+ if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||
+ has_capability_noaudit(p, CAP_SYS_RESOURCE))
points /= 4;
/*
@@ -139,7 +139,7 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
* tend to only have this flag set on applications they think
* of as important.
*/
- if (has_capability(p, CAP_SYS_RAWIO))
+ if (has_capability_noaudit(p, CAP_SYS_RAWIO))
points /= 4;
/*