From owner-freebsd-gnome@FreeBSD.ORG  Sat Apr 12 17:38:39 2008
Return-Path: <owner-freebsd-gnome@FreeBSD.ORG>
Delivered-To: gnome@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CB677106566B;
	Sat, 12 Apr 2008 17:38:39 +0000 (UTC)
	(envelope-from marcus@marcuscom.com)
Received: from creme-brulee.marcuscom.com
	(marcuscom-pt.tunnel.tserv1.fmt.ipv6.he.net
	[IPv6:2001:470:1f00:ffff::1279])
	by mx1.freebsd.org (Postfix) with ESMTP id 7DDF38FC12;
	Sat, 12 Apr 2008 17:38:39 +0000 (UTC)
	(envelope-from marcus@marcuscom.com)
Received: from [IPv6:2001:470:1f00:2464::4] (shumai.marcuscom.com
	[IPv6:2001:470:1f00:2464::4])
	by creme-brulee.marcuscom.com (8.14.2/8.14.2) with ESMTP id
	m3CHdFRq074204; Sat, 12 Apr 2008 13:39:15 -0400 (EDT)
	(envelope-from marcus@marcuscom.com)
From: Joe Marcus Clarke <marcus@marcuscom.com>
To: Coleman Kane <cokane@freebsd.org>
In-Reply-To: <1208018626.10093.7.camel@localhost>
References: <47FD09AC.2020907@FreeBSD.org>
	<1207776230.61729.28.camel@shumai.marcuscom.com>
	<47FD34E8.2000005@FreeBSD.org>
	<1207872846.87478.38.camel@shumai.marcuscom.com>
	<47FF66E3.8000304@FreeBSD.org>  <47FF722B.109@FreeBSD.org>
	<1207929297.55415.13.camel@shumai.marcuscom.com>
	<1208018626.10093.7.camel@localhost>
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="=-XJwDc5/IfVKRl+8Tq9fV"
Organization: MarcusCom, Inc.
Date: Sat, 12 Apr 2008 13:38:38 -0400
Message-Id: <1208021918.82222.18.camel@shumai.marcuscom.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.1 FreeBSD GNOME Team Port 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,NO_RELAYS
	autolearn=ham version=3.2.4
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
	creme-brulee.marcuscom.com
Cc: gnome@freebsd.org, imp@freebsd.org
Subject: Re: Seahorse issues
X-BeenThere: freebsd-gnome@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GNOME for FreeBSD -- porting and maintaining
	<freebsd-gnome.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gnome>,
	<mailto:freebsd-gnome-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-gnome>
List-Post: <mailto:freebsd-gnome@freebsd.org>
List-Help: <mailto:freebsd-gnome-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gnome>,
	<mailto:freebsd-gnome-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Apr 2008 17:38:39 -0000


--=-XJwDc5/IfVKRl+8Tq9fV
Content-Type: multipart/mixed; boundary="=-ZOb9zpGyINZs57Bvw+FQ"


--=-ZOb9zpGyINZs57Bvw+FQ
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sat, 2008-04-12 at 12:43 -0400, Coleman Kane wrote:
>=20
> As for the mlock() privilege issue, I am not sure what we'll do about
> that. It would be nice, at some point, to support that feature for
> normal users. As long as I'm diligent about my swap-space, etc... and
> access to my workstation, I'm *pretty* secure. Things like common-use
> lab computers, etc... are probably more appropriate for this feature.

Since we already have an rlimit for locked memory (RLIMIT_MEMLOCK), and
it is used by the mlock(2) syscall, what about the attached patch to add
a sysctl to control user access to mlock (but not allowing mlockall(2))?
This has been tested to fix the gnome-keyring issue when the sysctl is
set to 1.  If this is agreeable, I can add some manpage docs as well.

Joe

--=20
PGP Key : http://www.marcuscom.com/pgp.asc

--=-ZOb9zpGyINZs57Bvw+FQ
Content-Disposition: attachment; filename=vm_mmap.c.diff
Content-Type: text/x-patch; name=vm_mmap.c.diff; charset=ISO-8859-1
Content-Transfer-Encoding: base64

LS0tIHNyYy9zeXMvdm0vdm1fbW1hcC5jLm9yaWcJMjAwOC0wNC0xMiAxMzoxMTo1NC4wMDAwMDAw
MDAgLTA0MDANCisrKyBzcmMvc3lzL3ZtL3ZtX21tYXAuYwkyMDA4LTA0LTEyIDEzOjE2OjIwLjAw
MDAwMDAwMCAtMDQwMA0KQEAgLTk1LDYgKzk1LDEwIEBAIHN0cnVjdCBzYnJrX2FyZ3Mgew0KIHN0
YXRpYyBpbnQgbWF4X3Byb2NfbW1hcDsNCiBTWVNDVExfSU5UKF92bSwgT0lEX0FVVE8sIG1heF9w
cm9jX21tYXAsIENUTEZMQUdfUlcsICZtYXhfcHJvY19tbWFwLCAwLCAiIik7DQogDQorc3RhdGlj
IGludCB1bnByaXZpbGVnZWRfbWxvY2sgPSAwOw0KK1NZU0NUTF9JTlQoX3NlY3VyaXR5X2JzZCwg
T0lEX0FVVE8sIHVucHJpdmlsZWdlZF9tbG9jaywgQ1RMRkxBR19SVywNCisgICAgJnVucHJpdmls
ZWdlZF9tbG9jaywgMCwgIlVucHJpdmlsZWdlZCBwcm9jZXNzZXMgbWF5IHVzZSBtbG9jayIpOw0K
Kw0KIC8qDQogICogU2V0IHRoZSBtYXhpbXVtIG51bWJlciBvZiB2bV9tYXBfZW50cnkgc3RydWN0
dXJlcyBwZXIgcHJvY2Vzcy4gIFJvdWdobHkNCiAgKiBzcGVha2luZyB2bV9tYXBfZW50cnkgc3Ry
dWN0dXJlcyBhcmUgdGlueSwgc28gYWxsb3dpbmcgdGhlbSB0byBlYXQgMS8xMDANCkBAIC05ODQs
OSArOTg4LDExIEBAIG1sb2NrKHRkLCB1YXApDQogCXZtX3NpemVfdCBucGFnZXMsIHNpemU7DQog
CWludCBlcnJvcjsNCiANCi0JZXJyb3IgPSBwcml2X2NoZWNrKHRkLCBQUklWX1ZNX01MT0NLKTsN
Ci0JaWYgKGVycm9yKQ0KLQkJcmV0dXJuIChlcnJvcik7DQorCWlmICghdW5wcml2aWxlZ2VkX21s
b2NrKSB7DQorCQllcnJvciA9IHByaXZfY2hlY2sodGQsIFBSSVZfVk1fTUxPQ0spOw0KKwkJaWYg
KGVycm9yKQ0KKwkJCXJldHVybiAoZXJyb3IpOw0KKwl9DQogCWFkZHIgPSAodm1fb2Zmc2V0X3Qp
dWFwLT5hZGRyOw0KIAlzaXplID0gdWFwLT5sZW47DQogCWxhc3QgPSBhZGRyICsgc2l6ZTsNCg==


--=-ZOb9zpGyINZs57Bvw+FQ--

--=-XJwDc5/IfVKRl+8Tq9fV
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (FreeBSD)

iEYEABECAAYFAkgA854ACgkQb2iPiv4Uz4ePvQCfRGhxroJx4Qvi/En693n/Oqd+
KZIAni+9wGtSUbPo5HMA4lJ83iLVWWBN
=xVWV
-----END PGP SIGNATURE-----

--=-XJwDc5/IfVKRl+8Tq9fV--