X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fcommoncap.c;h=1e7895a233631b718393e7d83281a3e60e020bd2;hb=c7b5ebbddf7bcd3651947760f423e3783bbe6573;hp=5f629be7231e5d9543194185cfa117d8458883ec;hpb=a2c21200f1c81b08cb55e417b68150bba439b646;p=linux-2.6.git

diff --git a/security/commoncap.c b/security/commoncap.c
index 5f629be72..1e7895a23 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -314,10 +314,10 @@ int cap_vm_enough_memory(long pages)
 	/*
 	 * Sometimes we want to use more memory than we have
 	 */
-	if (sysctl_overcommit_memory == 1)
+	if (sysctl_overcommit_memory == OVERCOMMIT_ALWAYS)
 		return 0;
 
-	if (sysctl_overcommit_memory == 0) {
+	if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) {
 		unsigned long n;
 
 		free = get_page_cache_size();
@@ -357,6 +357,11 @@ int cap_vm_enough_memory(long pages)
 
 	allowed = (totalram_pages - hugetlb_total_pages())
 	       	* sysctl_overcommit_ratio / 100;
+	/*
+	 * Leave the last 3% for root
+	 */
+	if (!capable(CAP_SYS_ADMIN))
+		allowed -= allowed / 32;
 	allowed += total_swap_pages;
 
 	if (atomic_read(&vm_committed_space) < allowed)