The oomkiller calculations make decisions based on capabilities. Since these are not security decisions and LSMs should not record if they fall the request they should use the new has_capability_noaudit() interface so the denials will not be recorded. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

commit: a2f2945a99057c7d44043465906c6bb63c3368a0 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Tue Nov 11 22:02:54 2008 +1100
committer: James Morris <jmorris@namei.org> Tue Nov 11 22:02:54 2008 +1100
tree: b7edb1a346217a2b27d25ea72cc652065877e45a
parent: 06112163f5fd9e491a7f810443d81efa9d88e247 [diff] [blame]
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 64e5b4b..34a458a 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c

@@ -129,8 +129,8 @@
 	 * Superuser processes are usually more important, so we make it
 	 * less likely that we kill those.
 	 */
-	if (has_capability(p, CAP_SYS_ADMIN) ||
-	    has_capability(p, CAP_SYS_RESOURCE))
+	if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||
+	    has_capability_noaudit(p, CAP_SYS_RESOURCE))
 		points /= 4;
 
 	/*
@@ -139,7 +139,7 @@
 	 * tend to only have this flag set on applications they think
 	 * of as important.
 	 */
-	if (has_capability(p, CAP_SYS_RAWIO))
+	if (has_capability_noaudit(p, CAP_SYS_RAWIO))
 		points /= 4;
 
 	/*
commit	a2f2945a99057c7d44043465906c6bb63c3368a0	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Tue Nov 11 22:02:54 2008 +1100
committer	James Morris <jmorris@namei.org>	Tue Nov 11 22:02:54 2008 +1100
tree	b7edb1a346217a2b27d25ea72cc652065877e45a
parent	06112163f5fd9e491a7f810443d81efa9d88e247 [diff] [blame]