projects / firefly-linux-kernel-4.4.55.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9d37de6)
cgroup: Change from CAP_SYS_NICE to CAP_SYS_RESOURCE for cgroup migration permissions
authorJohn Stultz <john.stultz@linaro.org>
Tue, 18 Oct 2016 23:20:23 +0000 (16:20 -0700)
committerAmit Pundir <amit.pundir@linaro.org>
Tue, 25 Oct 2016 13:53:04 +0000 (21:53 +0800)
Try to better match what we're pushing upstream, use CAP_SYS_RESOURCE
instead of CAP_SYS_NICE, which shoudln't affect Android as Zygote and
system_server already use CAP_SYS_RESOURCE.

Signed-off-by: John Stultz <john.stultz@linaro.org>
kernel/cgroup.c patch | blob | history

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index fcb037068e3f862b8ad4d9bae84fac51f38cc3ff..e4552a3cbf418a666a55a462707aba46b0d66960 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2686,7 +2686,7 @@ static int cgroup_procs_write_permission(struct task_struct *task,
        if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
            !uid_eq(cred->euid, tcred->uid) &&
            !uid_eq(cred->euid, tcred->suid) &&
-           !ns_capable(tcred->user_ns, CAP_SYS_NICE))
+           !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
                ret = -EACCES;
 
        if (!ret && cgroup_on_dfl(dst_cgrp)) {
Unnamed repository; edit this file 'description' to name the repository.