summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKhazhismel Kumykov <khazhy@google.com>2020-08-25 01:10:34 +0300
committerJens Axboe <axboe@kernel.dk>2020-09-02 04:38:33 +0300
commit9d3a39a5f1e45827b008fff1ee9cf3cac3409665 (patch)
treeefd4c6697c6ce2e649d724d43bca8b4c9d93ce94
parenta7863b3423fd5d1ab82161654ba83973764b570b (diff)
downloadlinux-9d3a39a5f1e45827b008fff1ee9cf3cac3409665.tar.xz
block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE
CAP_SYS_ADMIN is too broad, and ionice fits into CAP_SYS_NICE's grouping. Retain CAP_SYS_ADMIN permission for backwards compatibility. Signed-off-by: Khazhismel Kumykov <khazhy@google.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Acked-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
-rw-r--r--block/ioprio.c2
-rw-r--r--include/uapi/linux/capability.h2
2 files changed, 3 insertions, 1 deletions
diff --git a/block/ioprio.c b/block/ioprio.c
index 04ebd37966f1..364d2294ba90 100644
--- a/block/ioprio.c
+++ b/block/ioprio.c
@@ -69,7 +69,7 @@ int ioprio_check_cap(int ioprio)
switch (class) {
case IOPRIO_CLASS_RT:
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_NICE) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fallthrough;
/* rt has prio field too */
diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index 395dd0df8d08..c6ca33034147 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -288,6 +288,8 @@ struct vfs_ns_cap_data {
processes and setting the scheduling algorithm used by another
process. */
/* Allow setting cpu affinity on other processes */
+/* Allow setting realtime ioprio class */
+/* Allow setting ioprio class on other processes */
#define CAP_SYS_NICE 23