[RFC]cgroup: Change from CAP_SYS_NICE to CAP_SYS_RESOURCE for cgroup migration permissions

Try to better match what we're pushing upstream, use CAP_SYS_RESOURCE instead of CAP_SYS_NICE, which shoudln't affect Android as Zygote and system_server already use CAP_SYS_RESOURCE. Signed-off-by: John Stultz <john.stultz@linaro.org>
author: John Stultz <john.stultz@linaro.org> 2016-10-18 16:20:23 -0700
committer: Dmitry Shmidt <dimitrysh@google.com> 2016-10-24 12:46:15 -0700
commit: 64f0245f312a849acc83b7c6cdcc8f7c1a14cca3 (patch)
tree: 100962ef79de95d4882e868e098f650178762c42 /kernel/cgroup.c
parent: a3c8dc25c446485dcbf8a978f755eead9eac3671 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 45c5e134d05b..00af24ac0167 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2678,7 +2678,7 @@ static int cgroup_procs_write_permission(struct task_struct *task,
 	if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
 	    !uid_eq(cred->euid, tcred->uid) &&
 	    !uid_eq(cred->euid, tcred->suid) &&
-	    !ns_capable(tcred->user_ns, CAP_SYS_NICE))
+	    !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
 		ret = -EACCES;
 
 	if (!ret && cgroup_on_dfl(dst_cgrp)) {
author	John Stultz <john.stultz@linaro.org>	2016-10-18 16:20:23 -0700
committer	Dmitry Shmidt <dimitrysh@google.com>	2016-10-24 12:46:15 -0700
commit	64f0245f312a849acc83b7c6cdcc8f7c1a14cca3 (patch)
tree	100962ef79de95d4882e868e098f650178762c42 /kernel/cgroup.c
parent	a3c8dc25c446485dcbf8a978f755eead9eac3671 (diff)