> All these are guarded by one check to see if the process is allowed to
> make changes that require CAP_SYS_NICE. This capability check is
> performed regardless of whether the app actually is trying to do
> something that requires CAP_SYS_NICE. (In this case, it's not trying to,
> but the check is made regardless.)
Should that be fixed in the Linux kernel, or at least reported to the developers?
> All these are guarded by one check to see if the process is allowed to
> make changes that require CAP_SYS_NICE. This capability check is
> performed regardless of whether the app actually is trying to do
> something that requires CAP_SYS_NICE. (In this case, it's not trying to,
> but the check is made regardless.)
Should that be fixed in the Linux kernel, or at least reported to the developers?