It would seem to me that the new capabilities stuff _could_ be the answer.
Basically, all "am I root?" checks in the kernel should be becoming cap
flags, the OOM killer already avoids killing root processes, it's already
a tenet that yes you can hose your system doing insane things as root but
that nonroot users should NOT be able to hose a system, so being able to
eg. grant this capability to Oracle or ungrant it from sendmail could let
a sysadmin tell the kernel what must be preserved regardless of its UID.
As a baseline I'd want to see all user processes die before any UID 0
stuff, but being able to retune this would be extremely good.
-- Anthony de Boer -- as seen at http://www.leftmind.net/~adb/ -- BOFH, eh? / "Just when you think you've got a handle on herding cats, \ \ along comes a three-legged cat on amphetamines." -- Skud / - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to email@example.com More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/