On Mon, 01 Feb 2021 at 09:54:56 -0800, Russ Allbery wrote:
> Simon McVittie <s...@debian.org> writes:
> > The wider context here is that gnome-keyring-daemon, GNOME's
> > implementation of the org.freedesktop.Secrets interface, is currently
> > setcap cap_ipc_lock=ep so that it can mlock(2) secrets and stop them
> > from getting swapped out.
>
> Does this serve any useful purpose?

Honestly, probably not, but removing security hardening (however dubious)
is a regression, and if I remove it I'm sure there'll be a CVE ID on the
way shortly.

> If someone cares about this type of
> security, they should put swap on an encrypted file system

Sure, you know that, and I know that, but existing systems don't have it.

smcv