[v1,0/2] Fix misuse of security_capable()

Message ID 20201030123849.770769-1-mic@digikod.net

Mickaël Salaün Oct. 30, 2020, 12:38 p.m. UTC
This series replaces all the uses of security_capable(current_cred(),
...) with ns_capable{,_noaudit}() which set PF_SUPERPRIV.

This initially comes from a review of Landlock by Jann Horn:
https://lore.kernel.org/lkml/CAG48ez1FQVkt78129WozBwFbVhAPyAr9oJAHFHAbbNxEBr9h1g@mail.gmail.com/

Mickaël Salaün (2):
  ptrace: Set PF_SUPERPRIV when checking capability
  seccomp: Set PF_SUPERPRIV when checking capability

 kernel/ptrace.c  | 18 ++++++------------
 kernel/seccomp.c |  5 ++---
 2 files changed, 8 insertions(+), 15 deletions(-)


base-commit: 3650b228f83adda7e5ee532e2b90429c03f7b9ec

Comments

Kees Cook Nov. 17, 2020, 9:08 p.m. UTC | #1
On Fri, 30 Oct 2020 13:38:47 +0100, Mickaël Salaün wrote:
> This series replaces all the uses of security_capable(current_cred(),
> ...) with ns_capable{,_noaudit}() which set PF_SUPERPRIV.
> 
> This initially comes from a review of Landlock by Jann Horn:
> https://lore.kernel.org/lkml/CAG48ez1FQVkt78129WozBwFbVhAPyAr9oJAHFHAbbNxEBr9h1g@mail.gmail.com/
> 
> Mickaël Salaün (2):
>   ptrace: Set PF_SUPERPRIV when checking capability
>   seccomp: Set PF_SUPERPRIV when checking capability
> 
> [...]

Applied to for-linus/seccomp, thanks!

[1/2] ptrace: Set PF_SUPERPRIV when checking capability
      https://git.kernel.org/kees/c/cf23705244c9
[2/2] seccomp: Set PF_SUPERPRIV when checking capability
      https://git.kernel.org/kees/c/fb14528e4436