On Thu, 16 Sep 2021, akpm@xxxxxxxxxxxxxxxxxxxx wrote:
Subject: ipc: check checkpoint_restore_ns_capable() to modify C/R proc files This commit removes the requirement to be root to modify sem_next_id, msg_next_id and shm_next_id and checks checkpoint_restore_ns_capable instead.
After reading 124ea650d3072b005457faed69909221c2905a1f this makes sense to me.
Since those files are specific to the IPC namespace, there is no reason they should require root privileges. This is similar to ns_last_pid, which also only checks checkpoint_restore_ns_capable. Link: https://lkml.kernel.org/r/20210916163717.3179496-1-mclapinski@xxxxxxxxxx Signed-off-by: Michal Clapinski <mclapinski@xxxxxxxxxx> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Cc: Davidlohr Bueso <dave@xxxxxxxxxxxx> Cc: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Reviewed-by: Davidlohr Bueso <dbueso@xxxxxxx>
