From: Christian Brauner
To: linux-kernel@vger.kernel.org
Cc: Alexander Viro, Stéphane Graber, Linux Containers, "Eric W . Biederman", Serge Hallyn, Jann Horn, Michael Kerrisk, Aleksa Sarai, linux-api@vger.kernel.org, Christian Brauner
Subject: [PATCH v2 1/4] capability: add ns_capable_cred()
Date: Thu, 30 Apr 2020 18:57:14 +0200
Message-Id: <20200430165717.1001605-1-christian.brauner@ubuntu.com>

Add a simple capability helper which makes it possible to determine
whether a set of creds is ns capable wrt the passed in credentials.
This is not something exciting; it's just a more pleasant wrapper around
security_capable() by allowing ns_capable_common() to take a const struct
cred argument. In ptrace_has_cap() for example, we're using
security_capable() directly. ns_capable_cred() will be used in the next
patch to check against the target credentials the caller is going to
switch to.

Cc: Eric W. Biederman
Cc: Serge Hallyn
Signed-off-by: Christian Brauner
---
/* v2 */
patch introduced
---
 include/linux/capability.h | 3 +++
 kernel/capability.c | 17 +++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/include/linux/capability.h b/include/linux/capability.h index ecce0f43c73a..743a08d936fb 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -40,6 +40,7 @@ struct cpu_vfs_cap_data { struct file; struct inode; struct dentry; +struct cred; struct task_struct; struct user_namespace; 
@@ -209,6 +210,8 @@ extern bool has_ns_capability_noaudit(struct task_struct *t, struct user_namespace *ns, int cap); extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); +extern bool ns_capable_cred(const struct cred *cred, + struct user_namespace *ns, int cap); extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); extern bool ns_capable_setid(struct user_namespace *ns, int cap); #else diff --git a/kernel/capability.c b/kernel/capability.c index 1444f3954d75..84425781917e 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -361,8 +361,8 @@ bool has_capability_noaudit(struct task_struct *t, int cap) return has_ns_capability_noaudit(t, &init_user_ns, cap); } -static bool ns_capable_common(struct user_namespace *ns, - int cap, +static bool ns_capable_common(const struct cred *cred, + struct user_namespace *ns, int cap, unsigned int opts) { int capable; @@ -372,7 +372,7 @@ static bool ns_capable_common(struct user_namespace *ns, BUG(); } - capable = security_capable(current_cred(), ns, cap, opts); + capable = security_capable(cred, ns, cap, opts); if (capable == 0) { current->flags |= PF_SUPERPRIV; return true; @@ -393,10 +393,15 @@ static bool ns_capable_common(struct user_namespace *ns, */ bool ns_capable(struct user_namespace *ns, int cap) { - return ns_capable_common(ns, cap, CAP_OPT_NONE); + return ns_capable_common(current_cred(), ns, cap, CAP_OPT_NONE); } EXPORT_SYMBOL(ns_capable); +bool ns_capable_cred(const struct cred *cred, struct user_namespace *ns, int cap) +{ + return ns_capable_common(cred, ns, cap, CAP_OPT_NONE); +} + /** * ns_capable_noaudit - Determine if the current task has a superior capability * (unaudited) in effect @@ -411,7 +416,7 @@ EXPORT_SYMBOL(ns_capable); */ bool ns_capable_noaudit(struct user_namespace *ns, int cap) { - return ns_capable_common(ns, cap, CAP_OPT_NOAUDIT); + return ns_capable_common(current_cred(), ns, cap, CAP_OPT_NOAUDIT); } EXPORT_SYMBOL(ns_capable_noaudit); 
@@ -430,7 +435,7 @@ EXPORT_SYMBOL(ns_capable_noaudit); */ bool ns_capable_setid(struct user_namespace *ns, int cap) { - return ns_capable_common(ns, cap, CAP_OPT_INSETID); + return ns_capable_common(current_cred(), ns, cap, CAP_OPT_INSETID); } EXPORT_SYMBOL(ns_capable_setid); base-commit: ae83d0b416db002fe95601e7f97f64b59514d936 -- 2.26.2
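
Review bot: In include/linux/capability.h the ns_capable_cred() prototype is added directly above the #else, and the diffstat shows only three added lines in this file (struct cred; plus the two-line prototype), so the #else branch gets no counterpart. If that branch carries static inline stubs for the other ns_capable*() helpers, ns_capable_cred() needs one as well, otherwise callers fail to build in that configuration.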
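
Review bot: In the ns_capable_common() hunk of kernel/capability.c, security_capable() now checks the passed-in cred, but the success path right below it still does "current->flags |= PF_SUPERPRIV;". When ns_capable_cred() is called with credentials other than current_cred(), the calling task is marked as having used privilege on the basis of a check that was not made against its own credentials. Either set the flag only when cred == current_cred(), or state in a comment why marking current is intended for the target-credential case described in the commit message.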
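
Review bot: The new ns_capable_cred() definition in kernel/capability.c has neither a kernel-doc comment nor an EXPORT_SYMBOL(), while ns_capable(), ns_capable_noaudit() and ns_capable_setid() around it have both. Add a kernel-doc block that says the check is made against cred rather than the current task and that it is audited (it passes CAP_OPT_NONE), and mention in the commit message if leaving it unexported is deliberate.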