Hi Patrick, On Thursday 09 Aug 2018 at 16:23:13 (+0100), Patrick Bellasi wrote: > On 09-Aug 11:50, Juri Lelli wrote: > > On 09/08/18 10:14, Patrick Bellasi wrote: > > > On 07-Aug 14:35, Juri Lelli wrote: > > > > On 06/08/18 17:39, Patrick Bellasi wrote: > > [...] > > > > 1) make CAP_SYS_NICE protected the clamp groups, with an optional boot > > > time parameter to relax this check > > > > It seems to me that this might work well with that the intended usage of > > the interface that you depict above. SMS only (or any privileged user) > > will be in control of how groups are configured, so no problem for > > normal users. > > Yes, well... apart normal users still getting a -ENOSPC is they are > requesting one of the not pre-configured clamp values. Which is why > the following bits can be helpful.
So IIUC, normal users would still be free of choosing their clamp values as long as they choose one in the list of pre-allocated ones ? Is that correct ? If yes, that would still let normal users make they tasks look bigger no ? They could just choose the clamp group with the highest min_clamp or something. Isn't this a problem too ? I mean, if that can be abused easily, I'm pretty sure people _will_ abuse it ... Or maybe I misunderstood something ? Thanks, Quentin
