From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Benjamin Gordon <bmgordon@google.com>,
John Stultz <john.stultz@linaro.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Thomas Gleixner <tglx@linutronix.de>,
Arjan van de Ven <arjan@linux.intel.com>,
Oren Laadan <orenl@cellrox.com>,
Ruchi Kandoi <kandoiruchi@google.com>,
Rom Lemarchand <romlem@android.com>, Todd Kjos <tkjos@google.com>,
Colin Cross <ccross@android.com>, Nick Kralevich <nnk@google.com>,
Dmitry Shmidt <dimitrysh@google.com>,
Elliott Hughes <enh@google.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Sasha Levin <sashal@kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: [PATCH AUTOSEL 4.9 103/107] fs/proc/base.c: use ns_capable instead of capable for timerslack_ns
Date: Mon, 28 Jan 2019 11:19:43 -0500 [thread overview]
Message-ID: <20190128161947.57405-103-sashal@kernel.org> (raw)
In-Reply-To: <20190128161947.57405-1-sashal@kernel.org>
From: Benjamin Gordon <bmgordon@google.com>
[ Upstream commit 8da0b4f692c6d90b09c91f271517db746a22ff67 ]
Access to timerslack_ns is controlled by a process having CAP_SYS_NICE
in its effective capability set, but the current check looks in the root
namespace instead of the process' user namespace. Since a process is
allowed to do other activities controlled by CAP_SYS_NICE inside a
namespace, it should also be able to adjust timerslack_ns.
Link: http://lkml.kernel.org/r/20181030180012.232896-1-bmgordon@google.com
Signed-off-by: Benjamin Gordon <bmgordon@google.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Oren Laadan <orenl@cellrox.com>
Cc: Ruchi Kandoi <kandoiruchi@google.com>
Cc: Rom Lemarchand <romlem@android.com>
Cc: Todd Kjos <tkjos@google.com>
Cc: Colin Cross <ccross@android.com>
Cc: Nick Kralevich <nnk@google.com>
Cc: Dmitry Shmidt <dimitrysh@google.com>
Cc: Elliott Hughes <enh@google.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/proc/base.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 79702d405ba7..f73de326c630 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2337,10 +2337,13 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf,
return -ESRCH;
if (p != current) {
- if (!capable(CAP_SYS_NICE)) {
+ rcu_read_lock();
+ if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) {
+ rcu_read_unlock();
count = -EPERM;
goto out;
}
+ rcu_read_unlock();
err = security_task_setscheduler(p);
if (err) {
@@ -2373,11 +2376,14 @@ static int timerslack_ns_show(struct seq_file *m, void *v)
return -ESRCH;
if (p != current) {
-
- if (!capable(CAP_SYS_NICE)) {
+ rcu_read_lock();
+ if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) {
+ rcu_read_unlock();
err = -EPERM;
goto out;
}
+ rcu_read_unlock();
+
err = security_task_getscheduler(p);
if (err)
goto out;
--
2.19.1
next parent reply other threads:[~2019-01-28 16:41 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20190128161947.57405-1-sashal@kernel.org>
2019-01-28 16:19 ` Sasha Levin [this message]
2019-01-28 16:19 ` [PATCH AUTOSEL 4.9 105/107] proc/sysctl: fix return error for proc_doulongvec_minmax() Sasha Levin
2019-01-28 16:19 ` [PATCH AUTOSEL 4.9 106/107] fs/epoll: drop ovflist branch prediction Sasha Levin
2019-01-28 16:19 ` [PATCH AUTOSEL 4.9 107/107] exec: load_script: don't blindly truncate shebang string Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190128161947.57405-103-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=arjan@linux.intel.com \
--cc=bmgordon@google.com \
--cc=ccross@android.com \
--cc=dimitrysh@google.com \
--cc=ebiederm@xmission.com \
--cc=enh@google.com \
--cc=john.stultz@linaro.org \
--cc=kandoiruchi@google.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nnk@google.com \
--cc=orenl@cellrox.com \
--cc=romlem@android.com \
--cc=serge@hallyn.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tkjos@google.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).