netsniff-ng: mlock: only lock current and future pages when root

When we're still root, we tell the kernel to lock/protect all current and future pages in memory so that they will not be swapped out in case the system uses up too much. Now when we do xzmalloc_aligned(), it calls internally posix_memalign() that can call mmap(2), thus we will get an EAGAIN as errno, since we're not root anymore and since we wanted to touch sth. that belongs to root. Nasty. Fix this up by only protecting these pages when we do not use -u/-g. Reported-by: Doug Burks <doug.burks@gmail.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
author: Daniel Borkmann <dborkman@redhat.com> 2013-04-11 15:37:33 +0200
committer: Daniel Borkmann <dborkman@redhat.com> 2013-04-11 15:37:33 +0200
commit: 0cdcd1d1ad8ec4c107cc09850456d44eea9f3d20 (patch)
tree: 9d51981f25c2f23cbf551473fa7e9dc5d6605fcd /netsniff-ng.c
parent: 2bce4249a8e90c67a24e096f91047795f92ab548 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/netsniff-ng.c b/netsniff-ng.c
index 25f59ac..c1e0d26 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -1384,11 +1384,13 @@ int main(int argc, char **argv)
 	init_geoip(0);
 	if (setsockmem)
 		set_system_socket_memory(vals, array_size(vals));
-	xlockme();
+	if (!ctx.enforce)
+		xlockme();
 
 	main_loop(&ctx);
 
-	xunlockme();
+	if (!ctx.enforce)
+		xunlockme();
 	if (setsockmem)
 		reset_system_socket_memory(vals, array_size(vals));
 	destroy_geoip();
author	Daniel Borkmann <dborkman@redhat.com>	2013-04-11 15:37:33 +0200
committer	Daniel Borkmann <dborkman@redhat.com>	2013-04-11 15:37:33 +0200
commit	0cdcd1d1ad8ec4c107cc09850456d44eea9f3d20 (patch)
tree	9d51981f25c2f23cbf551473fa7e9dc5d6605fcd /netsniff-ng.c
parent	2bce4249a8e90c67a24e096f91047795f92ab548 (diff)