Re: [PATCH v2] proc: use ns_capable instead of capable for timerslack_ns

2018-10-30 Thread Eric W. Biederman
Benjamin Gordon writes:
> Access to timerslack_ns is controlled by a process having CAP_SYS_NICE in its effective capability set, but the current check looks in the root namespace instead of the process' user namespace. Since a process is allowed to do other activities controlled by

[PATCH v2] proc: use ns_capable instead of capable for timerslack_ns

2018-10-30 Thread Benjamin Gordon
Access to timerslack_ns is controlled by a process having CAP_SYS_NICE in its effective capability set, but the current check looks in the root namespace instead of the process' user namespace. Since a process is allowed to do other activities controlled by CAP_SYS_NICE inside a namespace, it
