[sugar] [RFC] teach sugar to update oom_adj

Joshua N Pritikin jpritikin
Wed Feb 21 04:28:17 EST 2007


On Tue, Feb 20, 2007 at 05:15:19PM +0100, Marco Pesenti Gritti wrote:
> On Tue, 2007-02-20 at 21:28 +0530, Joshua N Pritikin wrote:
> > On Mon, Feb 19, 2007 at 01:51:07PM +0100, Marco Pesenti Gritti wrote:
> > > Is /proc/pid/oom_adj supposed to be user writable?
> > 
> > It needs capable(CAP_SYS_RESOURCE). Is OLPC going to employ SELinux or 
> > somesuch for Bitfrost? If not then some kind of mini-server running as 
> > root will be needed to traverse the security barrier.
> 
> We already have that (hardwaremanager on dev.laptop.org).

Can any process connect to hardwaremanager? If so, then oom_adj needs 
to be somewhere else. A malicious process could set oom_adj such that 
the next process to die is sugar. Only sugar should have access to set 
oom_adj.

> Though I think functionality which is generic and fit in HAL should just
> go there (less code for us to maintain). I have no idea if oom_adj fits
> in HAL.

Doesn't HAL just issue events and load kernel modules? I don't think 
oom_adj belongs in HAL.

The way bcron handles this kind of thing is as follows:

1. bcron starts as root
2. creates a pipe
3. forks a child to read the pipe
4. the parent switches to the bcron user
5. whenever the parent needs to execute a job, it writes the details to 
the pipe

Sugar could do something similar with the child only able to set 
oom_adj.
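
The bcron-style split described in this message, sketched in Python as an added example; it is not part of the original message and is not code from Sugar or bcron. The function names, the `<pid> <value>` request format and the `uid`, `gid` and `proc_root` parameters are assumptions, and `proc_root` exists so the helper can be exercised against a scratch directory. Because the pipe is anonymous and created before the fork, only the process that called `start_helper` holds the write end.

```python
import os
import re

OOM_ADJ_MIN, OOM_ADJ_MAX = -17, 15   # legacy oom_adj range; -17 disables OOM kill
REQUEST = re.compile(rb"(\d{1,7}) (-?\d{1,2})\n")   # "<pid> <value>\n", nothing else

def parse_request(line):
    """Return (pid, value) for a well-formed request, otherwise None."""
    m = REQUEST.fullmatch(line)
    if m is None:
        return None
    pid, value = int(m.group(1)), int(m.group(2))
    if pid < 1 or not OOM_ADJ_MIN <= value <= OOM_ADJ_MAX:
        return None
    return pid, value

def helper_loop(rfd, proc_root="/proc"):
    """Privileged child: reads requests until EOF; its only action is writing oom_adj."""
    applied = 0
    with os.fdopen(rfd, "rb") as requests:
        for line in requests:
            req = parse_request(line)
            if req is None:
                continue                      # malformed or out of range: ignore
            path = os.path.join(proc_root, str(req[0]), "oom_adj")
            try:
                with open(path, "w") as f:
                    f.write(str(req[1]))
                applied += 1
            except OSError:
                pass                          # target exited, or the kernel refused
    return applied

def start_helper(uid=None, gid=None, proc_root="/proc"):
    """Fork the helper while still privileged, then drop privileges in the parent."""
    rfd, wfd = os.pipe()                      # Python marks both ends close-on-exec
    pid = os.fork()
    if pid == 0:
        try:
            os.close(wfd)                     # child keeps only the read end
            helper_loop(rfd, proc_root)
        finally:
            os._exit(0)
    os.close(rfd)
    if uid is not None:                       # uid/gid: assumed unprivileged account
        os.setgroups([])
        os.setgid(gid)
        os.setuid(uid)
    return pid, wfd                           # parent writes requests to wfd
```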

