io_uring: allow SQPOLL with CAP_SYS_NICE privileges

CAP_SYS_ADMIN is too restrictive for a lot of uses cases, allow
CAP_SYS_NICE based on the premise that such users are already allowed
to raise the priority of tasks.

Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/fs/io_uring.c b/fs/io_uring.c
index a8c136a..3cc1e59 100644 (file)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -7783,7 +7783,7 @@ static int io_sq_offload_create(struct io_ring_ctx *ctx,
                struct io_sq_data *sqd;
 
                ret = -EPERM;
-               if (!capable(CAP_SYS_ADMIN))
+               if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE))
                        goto err;
 
                sqd = io_get_sq_data(p);