* [PATCH] net: Use ns_capable_noaudit() when determining net sysctl permissions
@ 2016-09-30 22:24 Dmitry Torokhov
2016-10-01 7:25 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: Dmitry Torokhov @ 2016-09-30 22:24 UTC (permalink / raw)
To: David S. Miller
Cc: Tyler Hicks, Serge E. Hallyn, James Morris, Eric W. Biederman,
netdev, linux-kernel
From: Tyler Hicks <tyhicks@canonical.com>
The capability check should not be audited since it is only being used
to determine the inode permissions. A failed check does not indicate a
violation of security policy but, when an LSM is enabled, a denial audit
message was being generated.
The denial audit message caused confusion for some application authors
because root-running Go applications always triggered the denial. To
prevent this confusion, the capability check in net_ctl_permissions() is
switched to the noaudit variant.
BugLink: https://launchpad.net/bugs/1465724
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
[dtor: reapplied after e79c6a4fc923 ("net: make net namespace sysctls
belong to container's owner") accidentally reverted the change.]
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
---
net/sysctl_net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index c5d37f4..9199813 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -44,7 +44,7 @@ static int net_ctl_permissions(struct ctl_table_header *head,
struct net *net = container_of(head->set, struct net, sysctls);
/* Allow network administrator to have same access as root. */
- if (ns_capable(net->user_ns, CAP_NET_ADMIN)) {
+ if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) {
int mode = (table->mode >> 6) & 7;
return (mode << 6) | (mode << 3) | mode;
}
--
2.8.0.rc3.226.g39d4020
--
Dmitry
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] net: Use ns_capable_noaudit() when determining net sysctl permissions
2016-09-30 22:24 [PATCH] net: Use ns_capable_noaudit() when determining net sysctl permissions Dmitry Torokhov
@ 2016-10-01 7:25 ` David Miller
2016-10-01 18:59 ` Dmitry Torokhov
0 siblings, 1 reply; 3+ messages in thread
From: David Miller @ 2016-10-01 7:25 UTC (permalink / raw)
To: dmitry.torokhov
Cc: tyhicks, serge.hallyn, james.l.morris, ebiederm, netdev, linux-kernel
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Date: Fri, 30 Sep 2016 15:24:31 -0700
> From: Tyler Hicks <tyhicks@canonical.com>
>
> The capability check should not be audited since it is only being used
> to determine the inode permissions. A failed check does not indicate a
> violation of security policy but, when an LSM is enabled, a denial audit
> message was being generated.
>
> The denial audit message caused confusion for some application authors
> because root-running Go applications always triggered the denial. To
> prevent this confusion, the capability check in net_ctl_permissions() is
> switched to the noaudit variant.
>
> BugLink: https://launchpad.net/bugs/1465724
>
> Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
> Signed-off-by: James Morris <james.l.morris@oracle.com>
> [dtor: reapplied after e79c6a4fc923 ("net: make net namespace sysctls
> belong to container's owner") accidentally reverted the change.]
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Applied, but please be clear in the future what tree a patch
is targetting, in this case 'net-next'.
You can indicate this in the Subject line "[PATCH net-next]".
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] net: Use ns_capable_noaudit() when determining net sysctl permissions
2016-10-01 7:25 ` David Miller
@ 2016-10-01 18:59 ` Dmitry Torokhov
0 siblings, 0 replies; 3+ messages in thread
From: Dmitry Torokhov @ 2016-10-01 18:59 UTC (permalink / raw)
To: David Miller
Cc: tyhicks, serge.hallyn, james.l.morris, ebiederm, netdev, linux-kernel
On Sat, Oct 01, 2016 at 03:25:04AM -0400, David Miller wrote:
> From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
> Date: Fri, 30 Sep 2016 15:24:31 -0700
>
> > From: Tyler Hicks <tyhicks@canonical.com>
> >
> > The capability check should not be audited since it is only being used
> > to determine the inode permissions. A failed check does not indicate a
> > violation of security policy but, when an LSM is enabled, a denial audit
> > message was being generated.
> >
> > The denial audit message caused confusion for some application authors
> > because root-running Go applications always triggered the denial. To
> > prevent this confusion, the capability check in net_ctl_permissions() is
> > switched to the noaudit variant.
> >
> > BugLink: https://launchpad.net/bugs/1465724
> >
> > Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
> > Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
> > Signed-off-by: James Morris <james.l.morris@oracle.com>
> > [dtor: reapplied after e79c6a4fc923 ("net: make net namespace sysctls
> > belong to container's owner") accidentally reverted the change.]
> > Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
>
> Applied, but please be clear in the future what tree a patch
> is targetting, in this case 'net-next'.
>
> You can indicate this in the Subject line "[PATCH net-next]".
Sorry, will do next time.
Thanks.
--
Dmitry
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-10-01 18:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-30 22:24 [PATCH] net: Use ns_capable_noaudit() when determining net sysctl permissions Dmitry Torokhov
2016-10-01 7:25 ` David Miller
2016-10-01 18:59 ` Dmitry Torokhov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.