From: Alistair Delva > Sent: 15 November 2021 19:09 ... > > > - if (!capable(CAP_SYS_NICE) && !capable(CAP_SYS_ADMIN)) > > > + if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE)) > > > return -EPERM; Isn't the real problem that you actually want to test: if (!capable(CAP_SYS_NICE | CAP_SYS_ADMIN)) return -EPERM; so that you only get the fail 'splat' when neither is set. This will be true whenever more than one capability enables something. Possibly this needs something like: int capabale_or(unsigned int, ...); #define capabale_or(...) capabable_or(__VA_LIST__, ~0u) David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
