On Thu, Sep 06, 2018 at 03:40:53PM +0100, Patrick Bellasi wrote:
> 1) _I think_ we don't want to depend on capable(CAP_SYS_NICE) but
>    instead on capable(CAP_SYS_ADMIN)
>
> Does that make sense ?
Neither of them really makes sense to me.

The max clamp makes a task 'consume' less and you should always be able to
reduce yourself. The min clamp doesn't avoid while(1); and is therefore also
not a problem.

So I think setting clamps on a task should not be subject to additional
capabilities.

Now, of course, there is a problem of clamp resources, which are limited.
Consuming those _is_ a problem.

I think the problem here is that the two are conflated in the very same
interface. Would it make sense to move the available clamp values out to
some sysfs interface like thing and guard that with a capability, while
keeping the task interface unprivileged?

Another thing that has me 'worried' about this interface is the direct tie
to CPU capacity (not that I have a better suggestion). But it does raise the
point of how userspace is going to discover the relevant values of the
platform.
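As an added illustration of the split Peter sketches above (an unprivileged per-task clamp request, bounded by a separately privileged system-wide limit), here is a small userspace program. It is not code from the thread or from the patch series under review; it assumes the util-clamp form of struct sched_attr and the SCHED_FLAG_UTIL_CLAMP_MIN/MAX flags as they were eventually merged in Linux 5.3, the /proc/sys/kernel/sched_util_clamp_{min,max} sysctls as the privileged bound, and /sys/devices/system/cpu/cpuN/cpu_capacity as one place userspace can discover platform capacity. The struct and flag names are local copies (prefixed uc_/UC_) so the file builds against older headers; on a kernel without util clamp the syscall simply fails with EINVAL.

```c
/* Added example (not from the thread or the patchset): userspace side of an
 * unprivileged per-task clamp request capped by a privileged system limit.
 * Assumes the Linux 5.3+ uclamp sched_attr layout, flags and sysctls. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#define UC_CAPACITY_SCALE      1024u   /* SCHED_CAPACITY_SCALE */
#define UC_FLAG_KEEP_ALL       0x18ull /* SCHED_FLAG_KEEP_POLICY|KEEP_PARAMS */
#define UC_FLAG_UTIL_CLAMP_MIN 0x20ull /* SCHED_FLAG_UTIL_CLAMP_MIN */
#define UC_FLAG_UTIL_CLAMP_MAX 0x40ull /* SCHED_FLAG_UTIL_CLAMP_MAX */

/* Local copy of the uapi struct sched_attr (with the util clamp fields),
 * renamed to avoid clashing with <linux/sched/types.h>. */
struct uc_sched_attr {
    uint32_t size;
    uint32_t sched_policy;
    uint64_t sched_flags;
    int32_t  sched_nice;
    uint32_t sched_priority;
    uint64_t sched_runtime;
    uint64_t sched_deadline;
    uint64_t sched_period;
    uint32_t sched_util_min;
    uint32_t sched_util_max;
};

/* Validity check on a task request: 0 <= min <= max <= 1024. */
int uclamp_validate(unsigned min, unsigned max)
{
    if (min > max || max > UC_CAPACITY_SCALE)
        return -EINVAL;
    return 0;
}

/* Effective clamp: the task may ask for anything valid, the privileged
 * system limit caps it, i.e. a task can only ever reduce itself. */
unsigned uclamp_effective(unsigned requested, unsigned system_limit)
{
    return requested < system_limit ? requested : system_limit;
}

/* Read one unsigned value from a sysctl/sysfs file, with a fallback. */
unsigned read_u32_file(const char *path, unsigned fallback)
{
    FILE *f = fopen(path, "r");
    unsigned v = fallback;
    if (!f)
        return fallback;
    if (fscanf(f, "%u", &v) != 1)
        v = fallback;
    fclose(f);
    return v;
}

/* Unprivileged request for the calling thread; returns 0 or -errno.
 * Validation runs before the syscall so an invalid range never reaches it. */
int uclamp_set_self(unsigned min, unsigned max)
{
    struct uc_sched_attr attr;
    int rc = uclamp_validate(min, max);
    if (rc)
        return rc;
    memset(&attr, 0, sizeof attr);
    attr.size = sizeof attr;
    attr.sched_flags = UC_FLAG_KEEP_ALL | UC_FLAG_UTIL_CLAMP_MIN | UC_FLAG_UTIL_CLAMP_MAX;
    attr.sched_util_min = min;
    attr.sched_util_max = max;
    if (syscall(SYS_sched_setattr, 0, &attr, 0) != 0)
        return -errno;  /* -EINVAL on kernels without util clamp support */
    return 0;
}

int main(void)
{
    /* Privileged bounds (root-writable sysctls) and platform capacity. */
    unsigned sys_min = read_u32_file("/proc/sys/kernel/sched_util_clamp_min", UC_CAPACITY_SCALE);
    unsigned sys_max = read_u32_file("/proc/sys/kernel/sched_util_clamp_max", UC_CAPACITY_SCALE);
    unsigned cap0 = read_u32_file("/sys/devices/system/cpu/cpu0/cpu_capacity", UC_CAPACITY_SCALE);
    unsigned req_min = 256, req_max = 768;  /* constructed sample request */

    printf("system limits: min<=%u max<=%u; cpu0 capacity %u\n", sys_min, sys_max, cap0);
    printf("request %u..%u -> effective %u..%u\n", req_min, req_max,
           uclamp_effective(req_min, sys_min), uclamp_effective(req_max, sys_max));
    int rc = uclamp_set_self(req_min, req_max);
    printf("sched_setattr: %s\n", rc ? strerror(-rc) : "ok");
    return 0;
}
```

Build with `cc -o uclamp uclamp.c` and run as an ordinary user: the per-task call needs no capability, while lowering the two sysctls (which cap every task's request) needs root. The cpu_capacity sysfs file is only populated on platforms whose arch topology code exports it, hence the fallback.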