On Mon, May 20, 2024 at 07:30:14AM GMT, Tycho Andersen wrote: > there is an ongoing effort (started at [0]) to constify the first arg > here, since you're not supposed to write to it. Your usage looks > correct to me, so I think all it needs is a literal "const" here. Will do, along with the suggestions from Jarkko > > + struct ctl_table t; > > + unsigned long mask_array[2]; > > + kernel_cap_t new_mask, *mask; > > + int err; > > + > > + if (write && (!capable(CAP_SETPCAP) || > > + !capable(CAP_SYS_ADMIN))) > > + return -EPERM; > > ...why CAP_SYS_ADMIN? You mention it in the changelog, but don't > explain why. No reason really, I was hoping we could decide what we want here. UMH uses CAP_SYS_MODULE, Serge mentioned adding a new cap maybe.
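Review bot: the write check at the end of the quoted hunk requires both CAP_SETPCAP and CAP_SYS_ADMIN (it returns -EPERM if either capable() call fails), and nothing in the visible code records why the second capability is needed. Once the capability is settled, add a short comment above the check stating the rationale, so the requirement is documented next to the code and not only in the changelog. Separately, the size in "unsigned long mask_array[2];" is a bare literal: two unsigned longs hold a different number of bits on 32-bit and 64-bit builds, so derive the size from the width of kernel_cap_t or say in a comment what the 2 stands for.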