Re: [RESEND][PATCH] proc: Fix timerslack_ns CAP_SYS_NICE check when adjusting self

From: Serge E. Hallyn
Date: Tue Aug 30 2016 - 22:38:15 EST


On Mon, Aug 29, 2016 at 11:28:47AM -0700, John Stultz wrote:
> On Mon, Aug 22, 2016 at 4:01 PM, John Stultz <john.stultz@xxxxxxxxxx> wrote:
> > In changing from checking ptrace_may_access(p, PTRACE_MODE_ATTACH_FSCREDS)
> > to capable(CAP_SYS_NICE), I missed that ptrace_may_access succeeds
> > when p == current, but the CAP_SYS_NICE doesn't.
> >
> > Thus while the previous commit was intended to loosen the needed
> > privileges to modify a process's timerslack, it needlessly restricted
> > a task modifying its own timerslack via the proc/<tid>/timerslack_ns
> > (which is permitted also via the PR_SET_TIMERSLACK method).
> >
> > This patch corrects this by checking if p == current before checking
> > the CAP_SYS_NICE value.
> >
> > This patch applies on top of my two previous patches currently in -mm
>
> Ping? Any feedback or comments on this one?

(sorry - no objection from me on this patch, thanks)
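
Added example (not part of this thread or of the kernel patch): a userspace regression check for the behaviour the quoted commit message describes, in which a task without CAP_SYS_NICE writes its own /proc/self/timerslack_ns and confirms the result with prctl(PR_GET_TIMERSLACK). The function and enum names and the 75000 ns sample value are assumptions chosen for illustration, and the check assumes a single-threaded caller.

```c
/* Added illustration; names and the sample value are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <unistd.h>

enum slack_result { SLACK_OK, SLACK_UNSUPPORTED, SLACK_DENIED, SLACK_MISMATCH, SLACK_ERROR };

/* Set our own timer slack through procfs, verify it with prctl(), then
 * restore the previous value. Run it without CAP_SYS_NICE: SLACK_DENIED
 * is the regression the commit message describes. */
enum slack_result set_own_timerslack_via_proc(unsigned long ns)
{
    char buf[32];
    int old = prctl(PR_GET_TIMERSLACK, 0, 0, 0, 0);
    int len = snprintf(buf, sizeof(buf), "%lu", ns);
    int fd = open("/proc/self/timerslack_ns", O_WRONLY);
    ssize_t n;
    int err, cur;

    if (fd < 0)            /* file absent (older kernel) or procfs not writable */
        return SLACK_UNSUPPORTED;
    n = write(fd, buf, (size_t)len);
    err = errno;           /* save before close() can overwrite it */
    close(fd);
    if (n < 0)
        return (err == EPERM) ? SLACK_DENIED : SLACK_ERROR;

    cur = prctl(PR_GET_TIMERSLACK, 0, 0, 0, 0);
    if (old > 0)           /* put the caller's original slack back */
        prctl(PR_SET_TIMERSLACK, (unsigned long)old, 0, 0, 0);
    if (cur < 0)
        return SLACK_ERROR;
    return ((unsigned long)cur == ns) ? SLACK_OK : SLACK_MISMATCH;
}

int main(void)
{
    static const char *names[] = { "ok", "unsupported", "denied", "mismatch", "error" };
    printf("self timerslack write: %s\n", names[set_own_timerslack_via_proc(75000UL)]);
    return 0;
}
```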