Message ID | 20230503064344.45825-1-aleksandr.mikhalitsyn@canonical.com |
---|---|
State | New |
Headers | From: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> To: mortonm@chromium.org Cc: penguin-kernel@i-love.sakura.ne.jp, Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>, Paul Moore <paul@paul-moore.com>, James Morris <jmorris@namei.org>, "Serge E. Hallyn" <serge@hallyn.com>, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2] LSM: SafeSetID: fix UID printed instead of GID Date: Wed, 3 May 2023 08:43:44 +0200 Message-Id: <20230503064344.45825-1-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.34.1 |
Series | [v2] LSM: SafeSetID: fix UID printed instead of GID |
Commit Message
Aleksandr Mikhalitsyn
May 3, 2023, 6:43 a.m. UTC
pr_warn message clearly says that GID should be printed,
but we have UID there. Let's fix that.
Found accidentally during the work on isolated user namespaces.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
---
v2: __kuid_val -> __kgid_val
---
security/safesetid/lsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Wed, May 3, 2023 at 2:44 AM Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> wrote:
>
> pr_warn message clearly says that GID should be printed,
> but we have UID there. Let's fix that.
>
> Found accidentally during the work on isolated user namespaces.
>
> Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> ---
> v2: __kuid_val -> __kgid_val
> ---
> security/safesetid/lsm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

I'm assuming you're going to pick this up Micah?

Reviewed-by: Paul Moore <paul@paul-moore.com>

> diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c > index e806739f7868..5be5894aa0ea 100644 > --- a/security/safesetid/lsm.c > +++ b/security/safesetid/lsm.c > @@ -131,7 +131,7 @@ static int safesetid_security_capable(const struct cred *cred, > * set*gid() (e.g. setting up userns gid mappings). > */ > pr_warn("Operation requires CAP_SETGID, which is not available to GID %u for operations besides approved set*gid transitions\n", > - __kuid_val(cred->uid)); > + __kgid_val(cred->gid)); > return -EPERM; > default: > /* Error, the only capabilities were checking for is CAP_SETUID/GID */ > -- > 2.34.1

On Thu, May 18, 2023 at 8:59 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Wed, May 3, 2023 at 2:44 AM Alexander Mikhalitsyn
> <aleksandr.mikhalitsyn@canonical.com> wrote:
> >
> > pr_warn message clearly says that GID should be printed,
> > but we have UID there. Let's fix that.
> >
> > Found accidentally during the work on isolated user namespaces.
> >
> > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> > ---
> > v2: __kuid_val -> __kgid_val
> > ---
> > security/safesetid/lsm.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> I'm assuming you're going to pick this up Micah?
>
> Reviewed-by: Paul Moore <paul@paul-moore.com>

Dear Paul!

Thanks for your review!

Gentle ping to Micah Morton :-)

Kind regards,
Alex

>
> > diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c > > index e806739f7868..5be5894aa0ea 100644 > > --- a/security/safesetid/lsm.c > > +++ b/security/safesetid/lsm.c > > @@ -131,7 +131,7 @@ static int safesetid_security_capable(const struct cred *cred, > > * set*gid() (e.g. setting up userns gid mappings). > > */ > > pr_warn("Operation requires CAP_SETGID, which is not available to GID %u for operations besides approved set*gid transitions\n", > > - __kuid_val(cred->uid)); > > + __kgid_val(cred->gid)); > > return -EPERM; > > default: > > /* Error, the only capabilities were checking for is CAP_SETUID/GID */ > > -- > > 2.34.1
>
> --
> paul-moore.com

On Tue, Jun 6, 2023 at 2:50 PM Aleksandr Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> wrote:
> On Thu, May 18, 2023 at 8:59 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Wed, May 3, 2023 at 2:44 AM Alexander Mikhalitsyn
> > <aleksandr.mikhalitsyn@canonical.com> wrote:
> > >
> > > pr_warn message clearly says that GID should be printed,
> > > but we have UID there. Let's fix that.
> > >
> > > Found accidentally during the work on isolated user namespaces.
> > >
> > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> > > ---
> > > v2: __kuid_val -> __kgid_val
> > > ---
> > > security/safesetid/lsm.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > I'm assuming you're going to pick this up Micah?
> >
> > Reviewed-by: Paul Moore <paul@paul-moore.com>
>
> Dear Paul!
>
> Thanks for your review!
>
> Gentle ping to Micah Morton :-)

Micah?

The right thing would be for Micah to merge this via the SafeSetID tree, however, considering that it's been over a month with no response, and this patch looks trivially correct, I can pick this up via the LSM tree if we don't see anything from Micah this week.

On Tue, Jun 6, 2023 at 5:13 PM Paul Moore <paul@paul-moore.com> wrote:
> On Tue, Jun 6, 2023 at 2:50 PM Aleksandr Mikhalitsyn
> <aleksandr.mikhalitsyn@canonical.com> wrote:
> > On Thu, May 18, 2023 at 8:59 PM Paul Moore <paul@paul-moore.com> wrote:
> > > On Wed, May 3, 2023 at 2:44 AM Alexander Mikhalitsyn
> > > <aleksandr.mikhalitsyn@canonical.com> wrote:
> > > >
> > > > pr_warn message clearly says that GID should be printed,
> > > > but we have UID there. Let's fix that.
> > > >
> > > > Found accidentally during the work on isolated user namespaces.
> > > >
> > > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> > > > ---
> > > > v2: __kuid_val -> __kgid_val
> > > > ---
> > > > security/safesetid/lsm.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > I'm assuming you're going to pick this up Micah?
> > >
> > > Reviewed-by: Paul Moore <paul@paul-moore.com>
> >
> > Dear Paul!
> >
> > Thanks for your review!
> >
> > Gentle ping to Micah Morton :-)
>
> Micah?
>
> The right thing would be for Micah to merge this via the SafeSetID
> tree, however, considering that it's been over a month with no
> response, and this patch looks trivially correct, I can pick this up
> via the LSM tree if we don't see anything from Micah this week.

Searching through all of the archives on lore I don't see any email from Micah past August of 2022. I'll still stick to the plan of merging this via the LSM tree next week if we don't see any response from Micah, but beyond this patch we may need to consider the possibility that Micah has moved on from SafeSetID.

* https://lore.kernel.org/all/?q=f%3Amortonm%40chromium.org

On Thu, Jun 8, 2023 at 2:34 PM Paul Moore <paul@paul-moore.com> wrote:
> On Tue, Jun 6, 2023 at 5:13 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Tue, Jun 6, 2023 at 2:50 PM Aleksandr Mikhalitsyn
> > <aleksandr.mikhalitsyn@canonical.com> wrote:
> > > On Thu, May 18, 2023 at 8:59 PM Paul Moore <paul@paul-moore.com> wrote:
> > > > On Wed, May 3, 2023 at 2:44 AM Alexander Mikhalitsyn
> > > > <aleksandr.mikhalitsyn@canonical.com> wrote:
> > > > >
> > > > > pr_warn message clearly says that GID should be printed,
> > > > > but we have UID there. Let's fix that.
> > > > >
> > > > > Found accidentally during the work on isolated user namespaces.
> > > > >
> > > > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> > > > > ---
> > > > > v2: __kuid_val -> __kgid_val
> > > > > ---
> > > > > security/safesetid/lsm.c | 2 +-
> > > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > I'm assuming you're going to pick this up Micah?
> > > >
> > > > Reviewed-by: Paul Moore <paul@paul-moore.com>
> > >
> > > Dear Paul!
> > >
> > > Thanks for your review!
> > >
> > > Gentle ping to Micah Morton :-)
> >
> > Micah?
> >
> > The right thing would be for Micah to merge this via the SafeSetID
> > tree, however, considering that it's been over a month with no
> > response, and this patch looks trivially correct, I can pick this up
> > via the LSM tree if we don't see anything from Micah this week.
>
> Searching through all of the archives on lore I don't see any email
> from Micah past August of 2022. I'll still stick to the plan of
> merging this via the LSM tree next week if we don't see any response
> from Micah, but beyond this patch we may need to consider the
> possibility that Micah has moved on from SafeSetID.
>
> * https://lore.kernel.org/all/?q=f%3Amortonm%40chromium.org

This fell through the cracks in my inbox last week, but I just went ahead and merged this into lsm/next.

After the upcoming merge window closes we'll have to revisit SafeSetID's status as "supported", we might need to demote it to "maintained" or "odd fixes".

On Wed, Jun 21, 2023 at 2:30 AM Paul Moore <paul@paul-moore.com> wrote:
>
> On Thu, Jun 8, 2023 at 2:34 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Tue, Jun 6, 2023 at 5:13 PM Paul Moore <paul@paul-moore.com> wrote:
> > > On Tue, Jun 6, 2023 at 2:50 PM Aleksandr Mikhalitsyn
> > > <aleksandr.mikhalitsyn@canonical.com> wrote:
> > > > On Thu, May 18, 2023 at 8:59 PM Paul Moore <paul@paul-moore.com> wrote:
> > > > > On Wed, May 3, 2023 at 2:44 AM Alexander Mikhalitsyn
> > > > > <aleksandr.mikhalitsyn@canonical.com> wrote:
> > > > > >
> > > > > > pr_warn message clearly says that GID should be printed,
> > > > > > but we have UID there. Let's fix that.
> > > > > >
> > > > > > Found accidentally during the work on isolated user namespaces.
> > > > > >
> > > > > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> > > > > > ---
> > > > > > v2: __kuid_val -> __kgid_val
> > > > > > ---
> > > > > > security/safesetid/lsm.c | 2 +-
> > > > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > > >
> > > > > I'm assuming you're going to pick this up Micah?
> > > > >
> > > > > Reviewed-by: Paul Moore <paul@paul-moore.com>
> > > >
> > > > Dear Paul!
> > > >
> > > > Thanks for your review!
> > > >
> > > > Gentle ping to Micah Morton :-)
> > >
> > > Micah?
> > >
> > > The right thing would be for Micah to merge this via the SafeSetID
> > > tree, however, considering that it's been over a month with no
> > > response, and this patch looks trivially correct, I can pick this up
> > > via the LSM tree if we don't see anything from Micah this week.
> >
> > Searching through all of the archives on lore I don't see any email
> > from Micah past August of 2022. I'll still stick to the plan of
> > merging this via the LSM tree next week if we don't see any response
> > from Micah, but beyond this patch we may need to consider the
> > possibility that Micah has moved on from SafeSetID.
> >
> > * https://lore.kernel.org/all/?q=f%3Amortonm%40chromium.org

Hi Paul,

>
> This fell through the cracks in my inbox last week, but I just went
> ahead and merged this into lsm/next.

Thanks!

Kind regards,
Alex

>
> After the upcoming merge window closes we'll have to revisit
> SafeSetID's status as "supported", we might need to demote it to
> "maintained" or "odd fixes".
>
> --
> paul-moore.com

On Wed, Jun 21, 2023 at 12:37 AM Aleksandr Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> wrote:
>
> On Wed, Jun 21, 2023 at 2:30 AM Paul Moore <paul@paul-moore.com> wrote:
> >
> > On Thu, Jun 8, 2023 at 2:34 PM Paul Moore <paul@paul-moore.com> wrote:
> > > On Tue, Jun 6, 2023 at 5:13 PM Paul Moore <paul@paul-moore.com> wrote:
> > > > On Tue, Jun 6, 2023 at 2:50 PM Aleksandr Mikhalitsyn
> > > > <aleksandr.mikhalitsyn@canonical.com> wrote:
> > > > > On Thu, May 18, 2023 at 8:59 PM Paul Moore <paul@paul-moore.com> wrote:
> > > > > > On Wed, May 3, 2023 at 2:44 AM Alexander Mikhalitsyn
> > > > > > <aleksandr.mikhalitsyn@canonical.com> wrote:
> > > > > > >
> > > > > > > pr_warn message clearly says that GID should be printed,
> > > > > > > but we have UID there. Let's fix that.
> > > > > > >
> > > > > > > Found accidentally during the work on isolated user namespaces.
> > > > > > >
> > > > > > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> > > > > > > ---
> > > > > > > v2: __kuid_val -> __kgid_val
> > > > > > > ---
> > > > > > > security/safesetid/lsm.c | 2 +-
> > > > > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > > > >
> > > > > > I'm assuming you're going to pick this up Micah?
> > > > > >
> > > > > > Reviewed-by: Paul Moore <paul@paul-moore.com>
> > > > >
> > > > > Dear Paul!
> > > > >
> > > > > Thanks for your review!
> > > > >
> > > > > Gentle ping to Micah Morton :-)
> > > >
> > > > Micah?
> > > >
> > > > The right thing would be for Micah to merge this via the SafeSetID
> > > > tree, however, considering that it's been over a month with no
> > > > response, and this patch looks trivially correct, I can pick this up
> > > > via the LSM tree if we don't see anything from Micah this week.
> > >
> > > Searching through all of the archives on lore I don't see any email
> > > from Micah past August of 2022. I'll still stick to the plan of
> > > merging this via the LSM tree next week if we don't see any response
> > > from Micah, but beyond this patch we may need to consider the
> > > possibility that Micah has moved on from SafeSetID.

Sorry guys, this is my first time checking my @chromium.org email in a couple months. I have indeed moved on from being regularly plugged in to the goings on of the linux-security-module mailing list. @Paul Moore whatever you think is the best way forward here is good for me, I can't really make any promises that I'll be checking this mailing list on a regular basis.

> > >
> > > * https://lore.kernel.org/all/?q=f%3Amortonm%40chromium.org
>
> Hi Paul,
>
> >
> > This fell through the cracks in my inbox last week, but I just went
> > ahead and merged this into lsm/next.
>
> Thanks!
>
> Kind regards,
> Alex
>
> >
> > After the upcoming merge window closes we'll have to revisit
> > SafeSetID's status as "supported", we might need to demote it to
> > "maintained" or "odd fixes".
> >
> > --
> > paul-moore.com

diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index e806739f7868..5be5894aa0ea 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -131,7 +131,7 @@ static int safesetid_security_capable(const struct cred *cred, * set*gid() (e.g. setting up userns gid mappings). */ pr_warn("Operation requires CAP_SETGID, which is not available to GID %u for operations besides approved set*gid transitions\n", - __kuid_val(cred->uid)); + __kgid_val(cred->gid)); return -EPERM; default: /* Error, the only capabilities were checking for is CAP_SETUID/GID */
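Review bot: In the pr_warn under the CAP_SETGID case, the new argument __kgid_val(cred->gid) logs the raw kernel-global value of the task's real GID, so for a task inside a user namespace the number in the log is not the GID that task sees for itself; the commit message or a short comment should say which ID space the value is in, since this warning is what an administrator will correlate with a SafeSetID policy entry. The more usual way to make that explicit when logging is from_kgid(&init_user_ns, cred->gid), which yields the same number. Separately, the context comment in the default case reads "the only capabilities were checking for"; "we're" is meant and could be corrected while this function is being touched.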