block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE

CAP_SYS_ADMIN is too broad, and ionice fits into CAP_SYS_NICE's grouping. Retain CAP_SYS_ADMIN permission for backwards compatibility. Signed-off-by: N Khazhismel Kumykov <khazhy@google.com> Reviewed-by: N Bart Van Assche <bvanassche@acm.org> Acked-by: N Serge Hallyn <serge@hallyn.com> Signed-off-by: N Jens Axboe <axboe@kernel.dk>

block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE
CAP_SYS_ADMIN is too broad, and ionice fits into CAP_SYS_NICE's grouping. Retain CAP_SYS_ADMIN permission for backwards compatibility. Signed-off-by: N Khazhismel Kumykov <khazhy@google.com> Reviewed-by: N Bart Van Assche <bvanassche@acm.org> Acked-by: N Serge Hallyn <serge@hallyn.com> Signed-off-by: N Jens Axboe <axboe@kernel.dk>
9d3a39a5 · Khazhismel Kumykov · Jens Axboe · a7863b34 · 9d3a39a5 · 9d3a39a5
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

block/ioprio.c block/ioprio.c +1 -1

include/uapi/linux/capability.h include/uapi/linux/capability.h +2 -0

未找到文件。
--- a/block/ioprio.c
+++ b/block/ioprio.c
@@ -69,7 +69,7 @@ int ioprio_check_cap(int ioprio)
 	switch (class) {
 		case IOPRIO_CLASS_RT:
-			if (!capable(CAP_SYS_ADMIN))
+			if (!capable(CAP_SYS_NICE) && !capable(CAP_SYS_ADMIN))
 				return -EPERM;
 			fallthrough;
 			/* rt has prio field too */

--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -288,6 +288,8 @@ struct vfs_ns_cap_data {
   processes and setting the scheduling algorithm used by another
   process. */
 /* Allow setting cpu affinity on other processes */
+/* Allow setting realtime ioprio class */
+/* Allow setting ioprio class on other processes */
 #define CAP_SYS_NICE         23