pipe: change the privilege required for growing a pipe beyond system max

Change it to CAP_SYS_RESOURCE, as that more accurately models what we want to control. Suggested-by: Michael Kerrisk <mtk.manpages@googlemail.com> Signed-off-by: Jens Axboe <jaxboe@fusionio.com>

pipe: change the privilege required for growing a pipe beyond system max
Change it to CAP_SYS_RESOURCE, as that more accurately models what we want to control. Suggested-by: Michael Kerrisk <mtk.manpages@googlemail.com> Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
419f8367 · Jens Axboe · 6a6ca57d · 419f8367
Commit 419f8367 authored Jun 03, 2010 by Jens Axboe
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

fs/pipe.c fs/pipe.c +1 -1

No files found.
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -1178,7 +1178,7 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
 		nr_pages = (arg + PAGE_SIZE - 1) >> PAGE_SHIFT;
 		nr_pages = roundup_pow_of_two(nr_pages);

-		if (!capable(CAP_SYS_ADMIN) && nr_pages > pipe_max_pages) {
+		if (!capable(CAP_SYS_RESOURCE) && nr_pages > pipe_max_pages) {
 			ret = -EPERM;
 			goto out;
 		} else if (nr_pages < 1) {