On 8/10/2016 12:03 PM, John Stultz wrote:
I wasn't entirely sure. I didn't think PR_SET_TIMERSLACK has a security hook, but looking again I now see the top-level security_task_prctl() check, so maybe not skipping it in this case would be good?
The easy fix would be to add back the ptrace check... just either ptrace-able OR CAP_SYS_NICE ;) Then you can prove you only added new stuff as well, and have all the LSM from before.