Commit 64f0245f authored Oct 18, 2016 by John Stultz Committed by Dmitry Shmidt Oct 24, 2016

[RFC]cgroup: Change from CAP_SYS_NICE to CAP_SYS_RESOURCE for cgroup migration permissions



Try to better match what we're pushing upstream, use CAP_SYS_RESOURCE
instead of CAP_SYS_NICE, which shoudln't affect Android as Zygote and
system_server already use CAP_SYS_RESOURCE.

Signed-off-by: John Stultz <john.stultz@linaro.org>

parent a3c8dc25

kernel/cgroup.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2678,7 +2678,7 @@ static int cgroup_procs_write_permission(struct task_struct *task,
		if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
		!uid_eq(cred->euid, tcred->uid) &&
		!uid_eq(cred->euid, tcred->suid) &&
		!ns_capable(tcred->user_ns, CAP_SYS_NICE))
		!ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
		ret = -EACCES;

		if (!ret && cgroup_on_dfl(dst_cgrp)) {