Willy Tarreau wrote:
> @@ -1066,7 +1094,8 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg) > if (!nr_pages) > goto out; > > - if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) { > + if (!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN) && > + (size > pipe_max_size || too_many_pipe_buffers(pipe->user))) { > ret = -EPERM; > goto out; > }

I think we should not check capable(CAP_SYS_ADMIN) for the size > pipe_max_size case, for checking capable(CAP_SYS_ADMIN) needlessly generates audit logs and also loosens the permission required for setting size > pipe_max_size.

Also, I think we should not check capable(CAP_SYS_ADMIN) unless too_many_pipe_buffers(pipe->user) is true, for checking capable(CAP_SYS_ADMIN) needlessly generates audit logs.

Since too_many_unix_fds() requires capable(CAP_SYS_ADMIN) || capable(CAP_SYS_ADMIN), I think what we want is something like below?

	if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
		ret = -EPERM;
		goto out;
	} else if (too_many_pipe_buffers(pipe->user) &&
		   !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
		ret = -EPERM;
		goto out;
	}
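
Review bot: In the added condition, `!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)` sits in front of both limit tests, so a caller holding only CAP_SYS_ADMIN can now pass `size > pipe_max_size`, which the removed line allowed for CAP_SYS_RESOURCE alone. If that widening is not intended, keep the `size > pipe_max_size` test gated on CAP_SYS_RESOURCE only and apply the CAP_SYS_ADMIN exemption just to `too_many_pipe_buffers(pipe->user)`. Evaluating the limit tests before the capable() calls would also avoid querying capabilities for requests that are within both limits.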
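
The two conditions discussed in this message, modelled in user space as an added example (not code from the thread or from the kernel). `struct ctx`, `check_patch`, `check_reply` and `run` are hypothetical names, and `capable()` here is a stand-in that takes an explicit context and counts CAP_SYS_ADMIN queries so the difference in permission and in capability checks can be compared.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

enum { CAP_RESOURCE = 1, CAP_ADMIN = 2 };  /* stand-ins for CAP_SYS_* */

struct ctx {
    unsigned caps;        /* capabilities the caller holds */
    bool over_max;        /* models: size > pipe_max_size */
    bool over_user_limit; /* models: too_many_pipe_buffers(pipe->user) */
    int admin_checks;     /* how often CAP_SYS_ADMIN was queried */
};

/* Stand-in for the kernel's capable(); records CAP_SYS_ADMIN queries. */
static bool capable(struct ctx *c, unsigned cap)
{
    if (cap == CAP_ADMIN)
        c->admin_checks++;
    return (c->caps & cap) != 0;
}

/* Condition as written in the quoted hunk. */
static int check_patch(struct ctx *c)
{
    if (!capable(c, CAP_RESOURCE) && !capable(c, CAP_ADMIN) &&
        (c->over_max || c->over_user_limit))
        return -EPERM;
    return 0;
}

/* Condition as proposed in the reply. */
static int check_reply(struct ctx *c)
{
    if (!capable(c, CAP_RESOURCE) && c->over_max)
        return -EPERM;
    else if (c->over_user_limit &&
             !capable(c, CAP_RESOURCE) && !capable(c, CAP_ADMIN))
        return -EPERM;
    return 0;
}

/* Run one variant on a fresh context; report CAP_SYS_ADMIN query count. */
static int run(int (*fn)(struct ctx *), unsigned caps,
               bool over_max, bool over_user, int *admin_checks)
{
    struct ctx c = { caps, over_max, over_user, 0 };
    int ret = fn(&c);
    *admin_checks = c.admin_checks;
    return ret;
}
```
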