vserver 1.9.3

[linux-2.6.git] / security / commoncap.c

diff --git a/security/commoncap.c b/security/commoncap.c
index 9b8cd2d..1e7895a 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -289,7 +289,7 @@ void cap_task_reparent_to_init (struct task_struct *p)
 
 int cap_syslog (int type)
 {
-       if ((type != 3) && !capable(CAP_SYS_ADMIN))
+       if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
                return -EPERM;
        return 0;
 }
@@ -314,10 +314,10 @@ int cap_vm_enough_memory(long pages)
        /*
         * Sometimes we want to use more memory than we have
         */
-       if (sysctl_overcommit_memory == 1)
+       if (sysctl_overcommit_memory == OVERCOMMIT_ALWAYS)
                return 0;
 
-       if (sysctl_overcommit_memory == 0) {
+       if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) {
                unsigned long n;
 
                free = get_page_cache_size();
@@ -357,6 +357,11 @@ int cap_vm_enough_memory(long pages)
 
        allowed = (totalram_pages - hugetlb_total_pages())
                * sysctl_overcommit_ratio / 100;
+       /*
+        * Leave the last 3% for root
+        */
+       if (!capable(CAP_SYS_ADMIN))
+               allowed -= allowed / 32;
        allowed += total_swap_pages;
 
        if (atomic_read(&vm_committed_space) < allowed)