Re: Are CAP_SYS_ADMIN and CAP_SYS_NICE still needed for SQPOLL?

From: Stefano Garzarella
Date: Thu Mar 25 2021 - 10:10:20 EST


On Thu, Mar 25, 2021 at 08:02:45AM -0600, Jens Axboe wrote:
On 3/25/21 7:44 AM, Pavel Begunkov wrote:
On 25/03/2021 11:33, Stefano Garzarella wrote:
Hi Jens, Hi Pavel,
I was taking a look at the new SQPOLL handling with io_thread instead of kthread. Great job! Really nice feature that maybe can be reused also in other scenarios (e.g. vhost).

Regarding SQPOLL, IIUC these new threads are much closer to user threads, so is there still a need to require CAP_SYS_ADMIN and CAP_SYS_NICE to enable SQPOLL?

Hmm, good question. If there are under same cgroup (should be in
theory), and if we add more scheduling points (i.e. need_resched()), and
don't see a reason why not. Jens?

Better not right away though. IMHO it's safer to let the change settle
down for some time.

Yes, agree on both counts - we are not going to need elevated privileges
going forward, but I'd also rather defer making that change until 5.13
so we have a bit more time on the current (new) base first.

Yeah, that makes sense to me!

Thank you both for the quick clarification,
Stefano