| Message ID | 20220615152623.311223-2-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [v3,1/8] capability: add any wrapper to test for multiple caps with exactly one audit message | expand |
On 6/15/22 08:26, Christian Göttsche wrote: > Use the new added capable_any function in appropriate cases, where a > task is required to have any of two capabilities. > > Reorder CAP_SYS_ADMIN last. > > Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT") > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > --- > v3: > rename to capable_any() > --- > block/ioprio.c | 9 +-------- > 1 file changed, 1 insertion(+), 8 deletions(-) > > diff --git a/block/ioprio.c b/block/ioprio.c > index 2fe068fcaad5..6441c052f837 100644 > --- a/block/ioprio.c > +++ b/block/ioprio.c > @@ -37,14 +37,7 @@ int ioprio_check_cap(int ioprio) > > switch (class) { > case IOPRIO_CLASS_RT: > - /* > - * Originally this only checked for CAP_SYS_ADMIN, > - * which was implicitly allowed for pid 0 by security > - * modules such as SELinux. Make sure we check > - * CAP_SYS_ADMIN first to avoid a denial/avc for > - * possibly missing CAP_SYS_NICE permission. > - */ > - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE)) > + if (!capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN)) > return -EPERM; > fallthrough; > /* rt has prio field too */ Reviewed-by: Bart Van Assche <bvanassche@acm.org>
diff --git a/block/ioprio.c b/block/ioprio.c index 2fe068fcaad5..6441c052f837 100644 --- a/block/ioprio.c +++ b/block/ioprio.c @@ -37,14 +37,7 @@ int ioprio_check_cap(int ioprio) switch (class) { case IOPRIO_CLASS_RT: - /* - * Originally this only checked for CAP_SYS_ADMIN, - * which was implicitly allowed for pid 0 by security - * modules such as SELinux. Make sure we check - * CAP_SYS_ADMIN first to avoid a denial/avc for - * possibly missing CAP_SYS_NICE permission. - */ - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE)) + if (!capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN)) return -EPERM; fallthrough; /* rt has prio field too */
Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Reorder CAP_SYS_ADMIN last. Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT") Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- v3: rename to capable_any() --- block/ioprio.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-)