IOPRIO_CLASS_RT without CAP_SYS_ADMIN?

From: Khazhismel Kumykov
Date: Thu Aug 20 2020 - 20:35:23 EST

Next message: Steven Rostedt: "Re: [PATCH v4 3/3] media: atomisp: Only use trace_printk if allowed"
Previous message: Thomas Gleixner: "Re: [REGRESSION] x86/entry: Tracer no longer has opportunity to change the syscall number at entry via orig_ax"
Next in thread: Bart Van Assche: "Re: IOPRIO_CLASS_RT without CAP_SYS_ADMIN?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It'd be nice to allow a process to send RT requests without granting
it the wide capabilities of CAP_SYS_ADMIN, and we already have a
capability which seems to almost fit this priority idea -
CAP_SYS_NICE? Would this fit there?

Being capable of setting IO priorities on per request or per thread
basis (be it async submission or w/ thread ioprio_set) is useful
especially when the userspace has its own prioritization/scheduling
before hitting the kernel, allowing us to signal to the kernel how to
order certain IOs, and it'd be nice to separate this from ADMIN for
non-root processes, in a way that's less error prone than e.g. having
a trusted launcher ionice the process and then drop priorities for
everything but prio requests.

khazhy

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Next message: Steven Rostedt: "Re: [PATCH v4 3/3] media: atomisp: Only use trace_printk if allowed"
Previous message: Thomas Gleixner: "Re: [REGRESSION] x86/entry: Tracer no longer has opportunity to change the syscall number at entry via orig_ax"
Next in thread: Bart Van Assche: "Re: IOPRIO_CLASS_RT without CAP_SYS_ADMIN?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]