Re: [RESEND][PATCH] proc: Fix timerslack_ns CAP_SYS_NICE check when adjusting self

From: John Stultz
Date: Mon Aug 29 2016 - 14:28:52 EST


On Mon, Aug 22, 2016 at 4:01 PM, John Stultz <john.stultz@xxxxxxxxxx> wrote:
> In changing from checking ptrace_may_access(p, PTRACE_MODE_ATTACH_FSCREDS)
> to capable(CAP_SYS_NICE), I missed that ptrace_may_access succeeds
> when p == current, but the CAP_SYS_NICE doesn't.
>
> Thus while the previous commit was intended to loosen the needed
> privileges to modify a process's timerslack, it needlessly restricted
> a task modifying its own timerslack via the proc/<tid>/timerslack_ns
> (which is permitted also via the PR_SET_TIMERSLACK method).
>
> This patch corrects this by checking if p == current before checking
> the CAP_SYS_NICE value.
>
> This patch applies on top of my two previous patches currently in -mm

Ping? Any feedback or comments on this one?

thanks
-john
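
A regression check for the behaviour the quoted commit message describes, as an added example that is not part of the original mail or the kernel patch: a task writes its own /proc/self/timerslack_ns and confirms the result through PR_GET_TIMERSLACK. The function and enum names are hypothetical; run it as a user without CAP_SYS_NICE for the result to be meaningful.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum slack_result { SLACK_OK, SLACK_DENIED, SLACK_UNAVAILABLE, SLACK_MISMATCH };

/* Write ns to this task's own timerslack_ns file; returns 0 or -errno. */
static int write_own_slack(unsigned long ns)
{
    char buf[32];
    int fd = open("/proc/self/timerslack_ns", O_WRONLY);
    if (fd < 0)
        return -errno;              /* e.g. a kernel without this file */
    int len = snprintf(buf, sizeof(buf), "%lu\n", ns);
    ssize_t n = write(fd, buf, (size_t)len);
    int err = (n == len) ? 0 : (n < 0 ? -errno : -EIO);
    close(fd);
    return err;
}

enum slack_result check_self_timerslack(void)
{
    /* PR_GET_TIMERSLACK returns the current slack in nanoseconds. */
    int before = prctl(PR_GET_TIMERSLACK, 0, 0, 0, 0);
    if (before <= 0)
        return SLACK_UNAVAILABLE;   /* prctl failed or slack is 0 */
    unsigned long want = (unsigned long)before + 1000;
    int err = write_own_slack(want);
    if (err == -EPERM)
        return SLACK_DENIED;        /* self-write refused: the case the patch fixes */
    if (err)
        return SLACK_UNAVAILABLE;
    int after = prctl(PR_GET_TIMERSLACK, 0, 0, 0, 0);
    prctl(PR_SET_TIMERSLACK, (unsigned long)before, 0, 0, 0); /* restore */
    return (after >= 0 && (unsigned long)after == want) ? SLACK_OK : SLACK_MISMATCH;
}

int main(void)
{
    static const char *names[] = { "ok", "denied (EPERM)", "unavailable", "mismatch" };
    printf("self timerslack via /proc: %s\n", names[check_self_timerslack()]);
    return 0;
}
```
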