capabilities: allow nice if we are privileged (f54fb863) · Commits · e / devices / android_kernel_xiaomi_markw

security/commoncap.c

+4 −4

Original line number	Original line	Diff line number	Diff line
	@@ -768,16 +768,16 @@ int cap_task_fix_setuid(struct cred new, const struct cred old, int flags)
	*/		*/
	static int cap_safe_nice(struct task_struct *p)		static int cap_safe_nice(struct task_struct *p)
	{		{
	int is_subset;		int is_subset, ret = 0;

	rcu_read_lock();		rcu_read_lock();
	is_subset = cap_issubset(__task_cred(p)->cap_permitted,		is_subset = cap_issubset(__task_cred(p)->cap_permitted,
	current_cred()->cap_permitted);		current_cred()->cap_permitted);
			if (!is_subset && !ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE))
			ret = -EPERM;
	rcu_read_unlock();		rcu_read_unlock();

	if (!is_subset && !capable(CAP_SYS_NICE))		return ret;
	return -EPERM;
	return 0;
	}		}

	/**		/**