Hi Zach! Thanks for the work! :-) On 10/19/22 01:50, Zach OKeefe wrote:
From: Zach O'Keefe <zokeefe@xxxxxxxxxx>
The initial commit of process_madvise(2) to man-pages project included
an error, indicating that CAP_SYS_ADMIN capability was required when, in
fact, CAP_SYS_NICE was the required capability.
The initial commit of process_madvise(2) to Linux, commit ecb8ac8b1f14
("mm/madvise: introduce process_madvise() syscall: an external memory
hinting API"), relied on PTRACE_MODE_ATTACH_FSCREDS (see ptrace(2)),
but was amended by commit 96cfe2c0fd23 ("mm/madvise: replace ptrace
attach requirement for process_madvise") which replaced this with a
combination of PTRACE_MODE_READ and CAP_SYS_NICE (PTRACE_MODE_READ to
prevent leaking ASLR metadata and CAP_SYS_NICE for influencing process
performance).
Those two commits are several versions apart: alx@asus5775:~/src/linux/linux$ git describe --contains ecb8ac8b1f14 v5.10-rc1~87^2~14 alx@asus5775:~/src/linux/linux$ git describe --contains 96cfe2c0fd23 v5.12-rc3~12^2~9If I understand the paragraph above, from 5.10 to 5.12 the capability required was CAP_SYS_ADMIN?
Cheers, Alex
Correct this in the man-page for process_madvise(2).
Fixes: a144f458b ("process_madvise.2: Document process_madvise(2)")
Cc: Suren Baghdasaryan <surenb@xxxxxxxxxx>
Cc: Minchan Kim <minchan@xxxxxxxxxx>
Signed-off-by: Zach O'Keefe <zokeefe@xxxxxxxxxx>
---
man2/process_madvise.2 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/man2/process_madvise.2 b/man2/process_madvise.2
index 6208206e4..7bee1a098 100644
--- a/man2/process_madvise.2
+++ b/man2/process_madvise.2
@@ -113,7 +113,8 @@ check (see
in addition,
because of the performance implications of applying the advice,
the caller must have the
-.B CAP_SYS_ADMIN
+.\" commit 96cfe2c0fd23ea7c2368d14f769d287e7ae1082e
+.B CAP_SYS_NICE
capability.
.SH RETURN VALUE
On success,
-- <http://www.alejandro-colomar.es/>
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
