* Re: [PATCH v2] block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE [not found] <20200824221034.2170308-1-khazhy@google.com> @ 2020-08-30 1:00 ` Bart Van Assche 2020-09-01 22:49 ` Khazhismel Kumykov 0 siblings, 1 reply; 3+ messages in thread From: Bart Van Assche @ 2020-08-30 1:00 UTC (permalink / raw) To: Khazhismel Kumykov, Jens Axboe Cc: Serge Hallyn, Paolo Valente, linux-block, linux-kernel, linux-security-module, linux-api On 2020-08-24 15:10, Khazhismel Kumykov wrote: > CAP_SYS_ADMIN is too broad, and ionice fits into CAP_SYS_NICE's grouping. > > Retain CAP_SYS_ADMIN permission for backwards compatibility. > > Signed-off-by: Khazhismel Kumykov <khazhy@google.com> > --- > block/ioprio.c | 2 +- > include/uapi/linux/capability.h | 2 ++ > 2 files changed, 3 insertions(+), 1 deletion(-) > > v2: fix embarrassing logic mistake > diff --git a/block/ioprio.c b/block/ioprio.c > index 77bcab11dce5..276496246fe9 100644 > --- a/block/ioprio.c > +++ b/block/ioprio.c > @@ -69,7 +69,7 @@ int ioprio_check_cap(int ioprio) > > switch (class) { > case IOPRIO_CLASS_RT: > - if (!capable(CAP_SYS_ADMIN)) > + if (!capable(CAP_SYS_NICE) && !capable(CAP_SYS_ADMIN)) > return -EPERM; > /* fall through */ > /* rt has prio field too */ > diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h > index 395dd0df8d08..c6ca33034147 100644 > --- a/include/uapi/linux/capability.h > +++ b/include/uapi/linux/capability.h > @@ -288,6 +288,8 @@ struct vfs_ns_cap_data { > processes and setting the scheduling algorithm used by another > process. */ > /* Allow setting cpu affinity on other processes */ > +/* Allow setting realtime ioprio class */ > +/* Allow setting ioprio class on other processes */ > > #define CAP_SYS_NICE 23 From https://www.kernel.org/doc/man-pages/linux-api-ml.html: "all Linux kernel patches that change userspace interfaces should be CCed to linux-api@vger.kernel.org" So I have added the linux-api mailing list to the Cc-list. Anyway: Reviewed-by: Bart Van Assche <bvanassche@acm.org> ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE 2020-08-30 1:00 ` [PATCH v2] block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE Bart Van Assche @ 2020-09-01 22:49 ` Khazhismel Kumykov 2020-09-01 22:51 ` Jens Axboe 0 siblings, 1 reply; 3+ messages in thread From: Khazhismel Kumykov @ 2020-09-01 22:49 UTC (permalink / raw) To: Bart Van Assche Cc: Jens Axboe, Serge Hallyn, Paolo Valente, linux-block, Linux Kernel Mailing List, linux-security-module, linux-api [-- Attachment #1: Type: text/plain, Size: 449 bytes --] On Sat, Aug 29, 2020 at 6:00 PM Bart Van Assche <bvanassche@acm.org> wrote: > > From https://www.kernel.org/doc/man-pages/linux-api-ml.html: > "all Linux kernel patches that change userspace interfaces should be CCed > to linux-api@vger.kernel.org" > > So I have added the linux-api mailing list to the Cc-list. Anyway: Thanks, sorry for missing that! > > Reviewed-by: Bart Van Assche <bvanassche@acm.org> Jens, does this change look good? khazhy [-- Attachment #2: S/MIME Cryptographic Signature --] [-- Type: application/pkcs7-signature, Size: 3850 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE 2020-09-01 22:49 ` Khazhismel Kumykov @ 2020-09-01 22:51 ` Jens Axboe 0 siblings, 0 replies; 3+ messages in thread From: Jens Axboe @ 2020-09-01 22:51 UTC (permalink / raw) To: Khazhismel Kumykov, Bart Van Assche Cc: Serge Hallyn, Paolo Valente, linux-block, Linux Kernel Mailing List, linux-security-module, linux-api On 9/1/20 4:49 PM, Khazhismel Kumykov wrote: > On Sat, Aug 29, 2020 at 6:00 PM Bart Van Assche <bvanassche@acm.org> wrote: >> >> From https://www.kernel.org/doc/man-pages/linux-api-ml.html: >> "all Linux kernel patches that change userspace interfaces should be CCed >> to linux-api@vger.kernel.org" >> >> So I have added the linux-api mailing list to the Cc-list. Anyway: > Thanks, sorry for missing that! >> >> Reviewed-by: Bart Van Assche <bvanassche@acm.org> > > Jens, does this change look good? Yes, I'll queue it up for 5.10. -- Jens Axboe ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-09-01 22:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20200824221034.2170308-1-khazhy@google.com>
2020-08-30 1:00 ` [PATCH v2] block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE Bart Van Assche
2020-09-01 22:49 ` Khazhismel Kumykov
2020-09-01 22:51 ` Jens Axboe
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).