2022-06-15 15:42:40

by Christian Göttsche

[permalink] [raw]
Subject: [PATCH v3 3/8] block: use new capable_any functionality

Use the new added capable_any function in appropriate cases, where a
task is required to have any of two capabilities.

Reorder CAP_SYS_ADMIN last.

Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT")

Signed-off-by: Christian Göttsche <[email protected]>
---
v3:
rename to capable_any()
---
block/ioprio.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/block/ioprio.c b/block/ioprio.c
index 2fe068fcaad5..6441c052f837 100644
--- a/block/ioprio.c
+++ b/block/ioprio.c
@@ -37,14 +37,7 @@ int ioprio_check_cap(int ioprio)

switch (class) {
case IOPRIO_CLASS_RT:
- /*
- * Originally this only checked for CAP_SYS_ADMIN,
- * which was implicitly allowed for pid 0 by security
- * modules such as SELinux. Make sure we check
- * CAP_SYS_ADMIN first to avoid a denial/avc for
- * possibly missing CAP_SYS_NICE permission.
- */
- if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE))
+ if (!capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN))
return -EPERM;
fallthrough;
/* rt has prio field too */
--
2.36.1


2022-06-16 03:14:51

by Bart Van Assche

[permalink] [raw]
Subject: Re: [PATCH v3 3/8] block: use new capable_any functionality

On 6/15/22 08:26, Christian Göttsche wrote:
> Use the new added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
>
> Reorder CAP_SYS_ADMIN last.
>
> Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT")
>
> Signed-off-by: Christian Göttsche <[email protected]>
> ---
> v3:
> rename to capable_any()
> ---
> block/ioprio.c | 9 +--------
> 1 file changed, 1 insertion(+), 8 deletions(-)
>
> diff --git a/block/ioprio.c b/block/ioprio.c
> index 2fe068fcaad5..6441c052f837 100644
> --- a/block/ioprio.c
> +++ b/block/ioprio.c
> @@ -37,14 +37,7 @@ int ioprio_check_cap(int ioprio)
>
> switch (class) {
> case IOPRIO_CLASS_RT:
> - /*
> - * Originally this only checked for CAP_SYS_ADMIN,
> - * which was implicitly allowed for pid 0 by security
> - * modules such as SELinux. Make sure we check
> - * CAP_SYS_ADMIN first to avoid a denial/avc for
> - * possibly missing CAP_SYS_NICE permission.
> - */
> - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE))
> + if (!capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN))
> return -EPERM;
> fallthrough;
> /* rt has prio field too */

Reviewed-by: Bart Van Assche <[email protected]>