From: John Stultz <john.stultz@linaro.org>
Date: Tue, 18 Oct 2016 23:20:23 +0000 (-0700)
Subject: cgroup: Change from CAP_SYS_NICE to CAP_SYS_RESOURCE for cgroup migration permissions
X-Git-Tag: firefly_0821_release~176^2~105
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=273daee0be36235886622396eedb618fc5de0213;p=firefly-linux-kernel-4.4.55.git

cgroup: Change from CAP_SYS_NICE to CAP_SYS_RESOURCE for cgroup migration permissions

Try to better match what we're pushing upstream, use CAP_SYS_RESOURCE
instead of CAP_SYS_NICE, which shoudln't affect Android as Zygote and
system_server already use CAP_SYS_RESOURCE.

Signed-off-by: John Stultz <john.stultz@linaro.org>
---

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index fcb037068e3f..e4552a3cbf41 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2686,7 +2686,7 @@ static int cgroup_procs_write_permission(struct task_struct *task,
 	if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
 	    !uid_eq(cred->euid, tcred->uid) &&
 	    !uid_eq(cred->euid, tcred->suid) &&
-	    !ns_capable(tcred->user_ns, CAP_SYS_NICE))
+	    !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
 		ret = -EACCES;
 
 	if (!ret && cgroup_on_dfl(dst_cgrp)) {