From: Jens Axboe <jaxboe@fusionio.com>
Date: Thu, 3 Jun 2010 10:45:28 +0000 (+0200)
Subject: pipe: change the privilege required for growing a pipe beyond system max
X-Git-Tag: v2.6.35-rc2~12^2~3
X-Git-Url: https://bbs.cooldavid.org/git/?a=commitdiff_plain;h=419f8367ea37e5adc5d95479e8fd5554b92b49fe;p=net-next-2.6.git

pipe: change the privilege required for growing a pipe beyond system max

Change it to CAP_SYS_RESOURCE, as that more accurately models what
we want to control.

Suggested-by: Michael Kerrisk <mtk.manpages@googlemail.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
---

diff --git a/fs/pipe.c b/fs/pipe.c
index 369a0245aab..f98fae3e36b 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -1178,7 +1178,7 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
 		nr_pages = (arg + PAGE_SIZE - 1) >> PAGE_SHIFT;
 		nr_pages = roundup_pow_of_two(nr_pages);
 
-		if (!capable(CAP_SYS_ADMIN) && nr_pages > pipe_max_pages) {
+		if (!capable(CAP_SYS_RESOURCE) && nr_pages > pipe_max_pages) {
 			ret = -EPERM;
 			goto out;
 		} else if (nr_pages < 1) {