From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: "Christian Göttsche" <cgzones@googlemail.com>
Cc: selinux@vger.kernel.org, Jens Axboe <axboe@kernel.dk>,
Hans Verkuil <hverkuil@xs4all.nl>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Stefan Haberland <sth@linux.ibm.com>,
Jan Hoeppner <hoeppner@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge@hallyn.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Zhen Lei <thunder.leizhen@huawei.com>,
Arnd Bergmann <arnd@arndb.de>,
Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
Julia Lawall <Julia.Lawall@inria.fr>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jiri Slaby <jirislaby@kernel.org>,
Pavel Skripkin <paskripkin@gmail.com>,
Du Cheng <ducheng2@gmail.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Andrew Morton <akpm@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Alexey Gladkov <legion@kernel.org>,
David Hildenbrand <david@redhat.com>,
Rolf Eike Beer <eb@emlix.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
Cyrill Gorcunov <gorcunov@gmail.com>,
Peter Collingbourne <pcc@google.com>,
Colin Cross <ccross@google.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Xiaofeng Cao <cxfcosmos@gmail.com>,
Nikolay Aleksandrov <nikolay@nvidia.com>,
Stefano Garzarella <sgarzare@redhat.com>,
Florian Fainelli <f.fainelli@gmail.com>,
Ziyang Xuan <william.xuanziyang@huawei.com>,
Alexander Aring <aahringo@redhat.com>,
Eric Dumazet <edumazet@google.com>,
Alistair Delva <adelva@google.com>,
Bart Van Assche <bvanassche@acm.org>,
linux-block@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
linux-media@vger.kernel.org,
Network Development <netdev@vger.kernel.org>,
linux-s390 <linux-s390@vger.kernel.org>,
Linux-Fsdevel <linux-fsdevel@vger.kernel.org>,
LSM List <linux-security-module@vger.kernel.org>,
bpf <bpf@vger.kernel.org>
Subject: Re: [RFC PATCH 2/2] capability: use new capable_or functionality
Date: Thu, 17 Feb 2022 09:29:54 -0800 [thread overview]
Message-ID: <CAADnVQJKkrWosMo3S1Ua15_on0S5FWYqUgETi6gqccVOibvEAg@mail.gmail.com> (raw)
In-Reply-To: <20220217145003.78982-1-cgzones@googlemail.com>
On Thu, Feb 17, 2022 at 6:50 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Use the new added capable_or macro in appropriate cases, where a task
> is required to have any of two capabilities.
>
> Reorder CAP_SYS_ADMIN last.
>
> TODO: split into subsystem patches.
Yes. Please.
The bpf side picked the existing order because we were aware
of that selinux issue.
Looks like there is no good order that works for all.
So the new helper makes a lot of sense.
> Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT")
prev parent reply other threads:[~2022-02-17 17:30 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-17 14:49 [RFC PATCH 2/2] capability: use new capable_or functionality Christian Göttsche
2022-02-17 14:49 ` [RFC PATCH 1/2] capability: add capable_or to test for multiple caps with exactly one audit message Christian Göttsche
2022-05-02 16:00 ` [PATCH v2 2/8] capability: use new capable_or functionality Christian Göttsche
2022-05-02 16:00 ` [PATCH v2 3/8] block: " Christian Göttsche
2022-05-02 16:00 ` [PATCH v2 4/8] drivers: " Christian Göttsche
2022-05-09 10:44 ` Jiri Slaby
2022-05-09 10:46 ` Hans Verkuil
2022-05-02 16:00 ` [PATCH v2 5/8] fs: " Christian Göttsche
2022-05-02 16:00 ` [PATCH v2 6/8] kernel: " Christian Göttsche
2022-05-02 16:00 ` [PATCH v2 7/8] kernel/bpf: " Christian Göttsche
2022-05-02 16:00 ` [PATCH v2 8/8] net: " Christian Göttsche
2022-05-09 17:15 ` Serge E. Hallyn
2022-05-22 17:33 ` Serge E. Hallyn
2022-05-02 16:00 ` [PATCH v2 1/8] capability: add capable_or to test for multiple caps with exactly one audit message Christian Göttsche
2022-05-09 17:12 ` Serge E. Hallyn
2022-06-15 15:26 ` [PATCH v3 2/8] capability: use new capable_any functionality Christian Göttsche
2022-06-15 15:26 ` [PATCH v3 3/8] block: " Christian Göttsche
2022-06-16 3:00 ` Bart Van Assche
2022-06-15 15:26 ` [PATCH v3 4/8] drivers: " Christian Göttsche
2022-06-15 15:45 ` Laurent Pinchart
2022-06-15 15:26 ` [PATCH v3 5/8] fs: " Christian Göttsche
2022-06-28 12:56 ` Christian Brauner
2022-06-28 14:11 ` Christian Göttsche
2022-06-15 15:26 ` [PATCH v3 6/8] kernel: " Christian Göttsche
2022-06-15 15:26 ` [PATCH v3 7/8] bpf: " Christian Göttsche
2022-06-15 15:26 ` [PATCH v3 8/8] net: " Christian Göttsche
2022-06-15 15:26 ` [PATCH v3 1/8] capability: add any wrapper to test for multiple caps with exactly one audit message Christian Göttsche
2022-06-26 22:34 ` Serge E. Hallyn
2022-08-30 15:05 ` Christian Göttsche
2022-08-30 15:10 ` Paul Moore
2022-09-02 0:56 ` Paul Moore
2022-09-02 1:35 ` Paul Moore
2022-02-17 17:29 ` Alexei Starovoitov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAADnVQJKkrWosMo3S1Ua15_on0S5FWYqUgETi6gqccVOibvEAg@mail.gmail.com \
--to=alexei.starovoitov@gmail.com \
--cc=Julia.Lawall@inria.fr \
--cc=aahringo@redhat.com \
--cc=adelva@google.com \
--cc=agordeev@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=andrii@kernel.org \
--cc=arnd@arndb.de \
--cc=ast@kernel.org \
--cc=axboe@kernel.dk \
--cc=borntraeger@linux.ibm.com \
--cc=bpf@vger.kernel.org \
--cc=bvanassche@acm.org \
--cc=ccross@google.com \
--cc=cgzones@googlemail.com \
--cc=christian.brauner@ubuntu.com \
--cc=cxfcosmos@gmail.com \
--cc=daniel@iogearbox.net \
--cc=dave@stgolabs.net \
--cc=davem@davemloft.net \
--cc=david@redhat.com \
--cc=ducheng2@gmail.com \
--cc=eb@emlix.com \
--cc=ebiederm@xmission.com \
--cc=edumazet@google.com \
--cc=f.fainelli@gmail.com \
--cc=gor@linux.ibm.com \
--cc=gorcunov@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=hca@linux.ibm.com \
--cc=hoeppner@linux.ibm.com \
--cc=hverkuil@xs4all.nl \
--cc=jirislaby@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=laurent.pinchart@ideasonboard.com \
--cc=legion@kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nikolay@nvidia.com \
--cc=paskripkin@gmail.com \
--cc=pcc@google.com \
--cc=peterz@infradead.org \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=sgarzare@redhat.com \
--cc=songliubraving@fb.com \
--cc=sth@linux.ibm.com \
--cc=svens@linux.ibm.com \
--cc=thunder.leizhen@huawei.com \
--cc=viro@zeniv.linux.org.uk \
--cc=william.xuanziyang@huawei.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).