On Tue, 7 Jul 2020 08:04:00 +0000, Tal Shnaiderman wrote:
> Dmitry, it looks like we got to this stage since hugepage_claim_privilege() 
> cannot actually detect that "Lock pages" isn't granted to the current user; 
> as a result we fail on the first usage of a memory management call [in this 
> case rte_calloc()] without indication of the reason.
> 
> Is it possible to add an actual check that the current user is in the list of 
> grantees?

Thanks, I'll look into it.
 
> Alternatively, it would be great to have this privilege added 
> programmatically. I tried the MSDN example in [2] but it didn't work for me 
> while testing; maybe the Microsoft team can check if there is a way to do it?

I don't think it's a good idea from a security perspective if an application
grants its user new privileges implicitly. A process with the SeLockMemory
privilege can affect overall system performance and stability.

-- 
Dmitry Kozlyuk
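
One way to implement the check asked for above, as an added example that is not part of this email or of DPDK's code. It assumes the privilege is claimed with AdjustTokenPrivileges(), which returns nonzero even when the token does not hold the privilege, so the outcome has to be read from GetLastError(). The names priv_result, classify_adjust and claim_lock_memory are hypothetical, and the non-Windows definitions are stand-ins so the decision logic builds anywhere.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else /* constructed stand-ins so the decision logic builds off Windows */
typedef unsigned long DWORD;
#define ERROR_SUCCESS 0UL
#define ERROR_NOT_ALL_ASSIGNED 1300UL
#endif

enum priv_result { PRIV_ENABLED, PRIV_NOT_HELD, PRIV_API_ERROR };

/* A nonzero return from AdjustTokenPrivileges() only means the call ran;
 * ERROR_NOT_ALL_ASSIGNED in the last error means the token lacks the privilege. */
static enum priv_result classify_adjust(int api_ok, DWORD last_error)
{
    if (!api_ok)
        return PRIV_API_ERROR;
    if (last_error == ERROR_NOT_ALL_ASSIGNED)
        return PRIV_NOT_HELD;
    return last_error == ERROR_SUCCESS ? PRIV_ENABLED : PRIV_API_ERROR;
}

#ifdef _WIN32
/* Enables a privilege the user already holds; it never grants a new one. */
static enum priv_result claim_lock_memory(void)
{
    HANDLE token;
    TOKEN_PRIVILEGES tp;
    BOOL ok;
    DWORD err;

    if (!OpenProcessToken(GetCurrentProcess(),
            TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &token))
        return PRIV_API_ERROR;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    ok = LookupPrivilegeValue(NULL, SE_LOCK_MEMORY_NAME, &tp.Privileges[0].Luid)
        && AdjustTokenPrivileges(token, FALSE, &tp, 0, NULL, NULL);
    err = GetLastError(); /* read before any other API call overwrites it */
    CloseHandle(token);
    return classify_adjust(ok, err);
}
#endif

int main(void)
{
#ifdef _WIN32
    enum priv_result r = claim_lock_memory();
#else
    enum priv_result r = classify_adjust(1, ERROR_NOT_ALL_ASSIGNED); /* constructed input */
#endif
    puts(r == PRIV_ENABLED ? "SeLockMemoryPrivilege enabled" :
         r == PRIV_NOT_HELD ? "SeLockMemoryPrivilege not held by this token" :
         "privilege API call failed");
    return r != PRIV_ENABLED;
}
```

On Windows, link against advapi32 for the token functions.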
