ANDROID: sched: Make uclamp changes depend on CAP_SYS_NICE
There is currently nothing preventing tasks from changing their per-task clamp values in anyway that they like. The rationale is probably that system administrators are still able to limit those clamps thanks to the cgroup interface. However, this causes pain in a system where both per-task and per-cgroup clamp values are expected to be under the control of core system components (as is the case for Android). To fix this, let's require CAP_SYS_NICE to change per-task clamp values. There are ongoing discussions upstream about more flexible approaches than this using the RLIMIT API -- see [1]. But the upstream discussion has not converged yet, and this is way too late for UAPI changes in android12-5.10 anyway, so let's apply this change which provides the behaviour we want without actually impacting UAPIs. [1] https://lore.kernel.org/lkml/20210623123441.592348-4-qperret@google.com/ Bug: 187186685 Signed-off-by: Quentin Perret <qperret@google.com> Change-Id: I749312a77306460318ac5374cf243d00b78120dd
This commit is contained in:
Quentin Perret
@@ -5554,6 +5554,10 @@ recheck:
|
||||
/* Normal users shall not reset the sched_reset_on_fork flag: */
|
||||
if (p->sched_reset_on_fork && !reset_on_fork)
|
||||
return -EPERM;
|
||||
|
||||
/* Can't change util-clamps */
|
||||
if (attr->sched_flags & SCHED_FLAG_UTIL_CLAMP)
|
||||
return -EPERM;
|
||||
}
|
||||
|
||||
if (user) {
|
||||
|
||||
Reference in New Issue
Block a user