From: Eric Sandeen <sandeen@sandeen.net>
To: "Darrick J. Wong" <djwong@kernel.org>, xfs <linux-xfs@vger.kernel.org>
Cc: Ondrej Mosnacek <omosnace@redhat.com>,
Dave Chinner <david@fromorbit.com>,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
john.haxby@oracle.com
Subject: Re: [PATCH RESEND] xfs: don't generate selinux audit messages for capability testing
Date: Thu, 3 Mar 2022 11:21:00 -0600 [thread overview]
Message-ID: <e97b6ef6-dc48-c49b-a98e-6d404dc79a59@sandeen.net> (raw)
In-Reply-To: <20220301025052.GF117732@magnolia>
On 2/28/22 8:50 PM, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong@kernel.org>
>
> There are a few places where we test the current process' capability set
> to decide if we're going to be more or less generous with resource
> acquisition for a system call. If the process doesn't have the
> capability, we can continue the call, albeit in a degraded mode.
>
> These are /not/ the actual security decisions, so it's not proper to use
> capable(), which (in certain selinux setups) causes audit messages to
> get logged. Switch them to has_capability_noaudit.
>
> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
> Cc: Ondrej Mosnacek <omosnace@redhat.com>
> Cc: Dave Chinner <david@fromorbit.com>
Thanks Darrick. This looks technically correct to me as well.
You might want to add a:
Fixes: 7317a03df703f ("xfs: refactor inode ownership change transaction/inode/quota allocation idiom")
because I /think/ that's the commit that moved the capable() checks out
from under quota tests, and made the problem more visible.
And maybe:
Fixes: ea9a46e1c4925 ("xfs: only return detailed fsmap info if the caller has CAP_SYS_ADMIN")
as well?
It's not strictly fixing the former; AFAICT the problem existed when quota was
enabled already, so I'll leave all that to your discretion.
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Thanks,
-Eric
next prev parent reply other threads:[~2022-03-03 17:27 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-01 2:50 [PATCH RESEND] xfs: don't generate selinux audit messages for capability testing Darrick J. Wong
2022-03-01 15:10 ` Serge E. Hallyn
2022-03-01 15:48 ` Darrick J. Wong
2022-03-02 14:44 ` Serge E. Hallyn
2022-03-02 11:01 ` Ondrej Mosnacek
2022-03-03 17:21 ` Eric Sandeen [this message]
2022-03-04 0:30 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e97b6ef6-dc48-c49b-a98e-6d404dc79a59@sandeen.net \
--to=sandeen@sandeen.net \
--cc=david@fromorbit.com \
--cc=djwong@kernel.org \
--cc=john.haxby@oracle.com \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.