pipe: change the privilege required for growing a pipe beyond system max



Change it to CAP_SYS_RESOURCE, as that more accurately models what
we want to control.

Suggested-by: Michael Kerrisk <mtk.manpages@googlemail.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>

parent 6a6ca57d

fs/pipe.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1178,7 +1178,7 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
		nr_pages = (arg + PAGE_SIZE - 1) >> PAGE_SHIFT;
		nr_pages = roundup_pow_of_two(nr_pages);

		if (!capable(CAP_SYS_ADMIN) && nr_pages > pipe_max_pages) {
		if (!capable(CAP_SYS_RESOURCE) && nr_pages > pipe_max_pages) {
		ret = -EPERM;
		goto out;
		} else if (nr_pages < 1) {