| Message ID | 20230511142535.732324-4-cgzones@googlemail.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:6358:3046:b0:115:7a1d:dabb with SMTP id p6csp4479513rwl;
Thu, 11 May 2023 07:29:26 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ4VqHt8CTIdj4SDWptNBDUmN4jQi3MJ7Jz4gu15quI9ussMIdAfen7ZQd1EynsJqa//DeON
X-Received: by 2002:a17:902:f804:b0:1a6:d9a6:a9b4 with SMTP id
ix4-20020a170902f80400b001a6d9a6a9b4mr22305924plb.3.1683815366550;
Thu, 11 May 2023 07:29:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1683815366; cv=none;
d=google.com; s=arc-20160816;
b=rKTUeL30HmRclKtsSb4nozSstVBmNNeQqAMqyYxsLRQW+9UCtbWmL971HKVYoobdXb
Qcrnl3eopyHNTYJPxrpJ2DnhVZAmttO3+dktuig8vLdi6dtAEQgU/n9oxbzZJ/YZXD+t
PkQ8RDDXoKsVpU8caY8tB9eOtwzb5qiv/Z5WGT0YKuBY9dJh0DS1fsYXl0O6McW9S3GH
86QmRC19/wCCtlJaZ9tL6FF7bAPQ93kgidBEiEmw3Mj0e2YCl4jTPdKYLUpxXE/tCs9o
wl4xqAyx76X6cK0/j48XVZ6irf7UwghocguGXzSVoGpqJL+qwbKXUMLQJyC1AtVTzhoT
BRmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=4MLvCJECEpiR/gI61O4GG27R/3uA2bLpDgI5SluFLTA=;
b=J2dVHBjXcvtOkOiSUoV9gBqkEWsaH8ssFyQ5g0qgYUhuR0Q4zLW1kcQBLH9L0rsSoE
/C2D8eRk1/QLOh01fe2Y0Ah5XfdkXO/9s5c7OKHaDKWZsy4cr9J5xp9XacFlxtFOgpBq
GRqjFQSvI+tJjCIT8eN/LRjvxt9COaQ8/b2y+rJfXPwza4xBDm3Z+DK6Ry2YvxntDGyu
W4Ogy406v1YBCnwFUW+4h9STG/Lpbk8/8cizaobtZiTWDzrGbpsHY7DReqsxe4ihfyCN
Wh8fahHwmWFs7RUtXw9UHLutEUUWLs9DUGr+InxI9VtgbqQpFEmM+40xYU93rKKcs7oU
G4Gg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@googlemail.com header.s=20221208 header.b=N68pkqzb;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=googlemail.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
e6-20020a17090301c600b001a1faee77fesi7431326plh.302.2023.05.11.07.29.00;
Thu, 11 May 2023 07:29:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@googlemail.com header.s=20221208 header.b=N68pkqzb;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=googlemail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S237987AbjEKO1K (ORCPT <rfc822;peekingduck44@gmail.com>
+ 99 others); Thu, 11 May 2023 10:27:10 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46098 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S238045AbjEKO0r (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 11 May 2023 10:26:47 -0400
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com
[IPv6:2a00:1450:4864:20::52e])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8E4AC1161A;
Thu, 11 May 2023 07:26:35 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id
4fb4d7f45d1cf-50bc1612940so15770603a12.2;
Thu, 11 May 2023 07:26:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlemail.com; s=20221208; t=1683815194; x=1686407194;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=4MLvCJECEpiR/gI61O4GG27R/3uA2bLpDgI5SluFLTA=;
b=N68pkqzbvbgbZoltAtubUv7rw9JDXyqdkHGdeKmUKjGpn+E5r4zpUDvVnJnAQ8q/TY
nswT/PA0t6FiilhbAjs2ZA920mxwXyD7SPZTe7HZNbzTny4MzUzAmNvhHHV66wy8snLx
133de9nuoDoyUqThzedi9BsiMhYhtTdzwgVSciKF5qTuT6oJJsuGF27/VMHe0X56VIIk
TwicLhuN0EsOIppLFg+9pJM4liuIKAxwv8n5eVI+mkQNQ2mlq7LvRyBDbf8JRgmqTfO7
lcYKKtolCRyYdFmOIAklkRShS3Ku0tT6icHA08d77cjRjtZaOJjtu2NwGCVMoJJKg9E7
ZhHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1683815194; x=1686407194;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=4MLvCJECEpiR/gI61O4GG27R/3uA2bLpDgI5SluFLTA=;
b=bQeLQbs/hGeQuIf7/9PVgM2IAje2zH8TKSITp0UdE3zE2DwvMRneblejwZCsnzu28w
MHBhYxbaIcwl2Lgs88dHu9i62qmVlYznHhEi3Wf+02h13ragHeNq8zl0Z4weEpyzpLn5
5kg+kOpv64Gh1srARmIXiQKmrfcZksGpgnHxuaPsOMhx4bSRmilFx320OcacfrTWxST4
ap8IZ80kxHl6Wr0XmZXd02p6Hd5Y1niYMj/XSu/gyxJx9NjRUqI4d3BXYUzi1QGd31fa
f8eXJuJUamhquCnPwmHxvoNpTCFfBGwtw/Xd1XQwhvQih97HwUJTbtrbIqT91ssWJhwK
bn+A==
X-Gm-Message-State: AC+VfDyGMDGgV5k9ee9OajuoUKh/xQTtC3PNDLcfuGr3pgx5N/VTuGkO
tYuaJDnDg4GMjEHFcnYtw3d9ZY2VqnXmhw==
X-Received: by 2002:a17:907:868b:b0:961:57fb:10c1 with SMTP id
qa11-20020a170907868b00b0096157fb10c1mr19859592ejc.63.1683815193736;
Thu, 11 May 2023 07:26:33 -0700 (PDT)
Received: from debianHome.localdomain
(dynamic-077-008-180-228.77.8.pool.telefonica.de. [77.8.180.228])
by smtp.gmail.com with ESMTPSA id
hf15-20020a1709072c4f00b0094f58a85bc5sm4056647ejc.180.2023.05.11.07.26.33
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 11 May 2023 07:26:33 -0700 (PDT)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Cc: Jens Axboe <axboe@kernel.dk>, Alistair Delva <adelva@google.com>,
Bart Van Assche <bvanassche@acm.org>,
Serge Hallyn <serge@hallyn.com>, linux-block@vger.kernel.org,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org
Subject: [PATCH v4 4/9] block: use new capable_any functionality
Date: Thu, 11 May 2023 16:25:27 +0200
Message-Id: <20230511142535.732324-4-cgzones@googlemail.com>
X-Mailer: git-send-email 2.40.1
In-Reply-To: <20230511142535.732324-1-cgzones@googlemail.com>
References: <20230511142535.732324-1-cgzones@googlemail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1765608381514568745?=
X-GMAIL-MSGID: =?utf-8?q?1765608381514568745?=
|
| Series |
[v4,1/9] capability: introduce new capable flag NODENYAUDIT
|
|
Commit Message
Christian Göttsche
May 11, 2023, 2:25 p.m. UTC
Use the new added capable_any function in appropriate cases, where a
task is required to have any of two capabilities.
Reorder CAP_SYS_ADMIN last.
Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
v3:
rename to capable_any()
---
block/ioprio.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
Comments
On Thu, May 11, 2023 at 04:25:27PM +0200, Christian Göttsche wrote: > Use the new added capable_any function in appropriate cases, where a > task is required to have any of two capabilities. What is this new function and why should we using it? Your also forgot to Cc the block list on the entire series, making this page completely unreviewable.
On Thu, 11 May 2023 at 17:35, Christoph Hellwig <hch@infradead.org> wrote: > > On Thu, May 11, 2023 at 04:25:27PM +0200, Christian Göttsche wrote: > > Use the new added capable_any function in appropriate cases, where a > > task is required to have any of two capabilities. > > What is this new function and why should we using it? Quoting the description from https://lore.kernel.org/all/20230511142535.732324-10-cgzones@googlemail.com/ : Add the interfaces `capable_any()` and `ns_capable_any()` as an alternative to multiple `capable()`/`ns_capable()` calls, like `capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN)` instead of `capable(CAP_SYS_NICE) || capable(CAP_SYS_ADMIN)`. `capable_any()`/`ns_capable_any()` will in particular generate exactly one audit message, either for the left most capability in effect or, if the task has none, the first one. This is especially helpful with regard to SELinux, where each audit message about a not allowed capability request will create a denial message. Using this new wrapper with the least invasive capability as left most argument (e.g. CAP_SYS_NICE before CAP_SYS_ADMIN) enables policy writers to only grant the least invasive one for the particular subject instead of both. > Your also forgot to Cc the block list on the entire series, making this > page completely unreviewable.
diff --git a/block/ioprio.c b/block/ioprio.c index 32a456b45804..0a7df88bf6d9 100644 --- a/block/ioprio.c +++ b/block/ioprio.c @@ -37,14 +37,7 @@ int ioprio_check_cap(int ioprio) switch (class) { case IOPRIO_CLASS_RT: - /* - * Originally this only checked for CAP_SYS_ADMIN, - * which was implicitly allowed for pid 0 by security - * modules such as SELinux. Make sure we check - * CAP_SYS_ADMIN first to avoid a denial/avc for - * possibly missing CAP_SYS_NICE permission. - */ - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE)) + if (!capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN)) return -EPERM; fallthrough; /* rt has prio field too */