Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp795004pxx;
        Mon, 26 Oct 2020 23:57:17 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzl7JwcyH62lh1a9p9JScbti6OpOmeen4voE0PJqXtxM6mzG7bny8Lo9LnPDkMeMOaDSpZM
X-Received: by 2002:a17:906:7016:: with SMTP id n22mr1010469ejj.402.1603781836856;
        Mon, 26 Oct 2020 23:57:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1603781836; cv=none;
        d=google.com; s=arc-20160816;
        b=M9c4/ayGgl9v+SD4J6nzrzkXvfG4ATPZ3EKDpfmXoTOPA7tOpuEilVpqsyR3el95Lp
         zzDwhe7ZuxqaIkYmU9GCq6zticTZZly/h+Qb7IbEzOs0frk7JnSdE8LwIy/tBTn0pCDq
         +CYyoljo6F4TU8jhGpMMCA0FYY0v2g1CLwHngiheMKXPKat95YcbHfmI3F9qyl97KIpO
         qxjjJ0yznZlWMnK1AYP01ULCjXDFc6qdtFuBIlEzvmwAbOuNGB7HtMYyCnyMofhNf37/
         C1LlfTIH6+3Q+8tg4DuZR7Riy0H4zV1jAV0MgZSW8LJdFDee2cp/laxNpTRFOqRxvke5
         S1AQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent:references:message-id
         :in-reply-to:subject:cc:to:from:date;
        bh=VqbcspjLvG0g4Dk0tibOjEMNapzc4SgvbAuK+MrL02k=;
        b=tP4ASLSc8EYLaSgBGd2jG/3m8ISOlnSyc62m+G6k8PtjOBbKuxkDLeaBm9UPunIah2
         pQ5hebtFS/mz262A05UIP1bWEClxQN4S0uYr6q6qkj+ag4X2ORz1OnFYalN70ZqlapSA
         4LJOgOqwe4q+fvTuG3qQWs7tRlIVz+uMkHox7DfN5duDLiZgEnqiqSlBnSns6xgpRq34
         LdzmmPySW3QEewB1B0SBddxWms28SoNXGx5rvDZENJSdYy0BBbNlka4XcN0oN7TI00nv
         sBc0/GIL+AFeZdNDuIvYjR+m/jLuaFAqN4iHjIsmCj04dkHU44eDFnv39/8rlFox7yJA
         gbYw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a23si227176edv.500.2020.10.26.23.56.54;
        Mon, 26 Oct 2020 23:57:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388623AbgJZUht (ORCPT <rfc822;atom.tux.beastie@gmail.com>
        + 99 others); Mon, 26 Oct 2020 16:37:49 -0400
Received: from namei.org ([65.99.196.166]:37980 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2388577AbgJZUht (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 26 Oct 2020 16:37:49 -0400
Received: from localhost (localhost [127.0.0.1])
        by namei.org (8.14.4/8.14.4) with ESMTP id 09QKbbkE009912;
        Mon, 26 Oct 2020 20:37:38 GMT
Date:   Tue, 27 Oct 2020 07:37:37 +1100 (AEDT)
From:   James Morris <jmorris@namei.org>
To:     Jeff Vander Stoep <jeffv@google.com>
cc:     "David S. Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        linux-security-module@vger.kernel.org,
        Roman Kiryanov <rkir@google.com>, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] vsock: use ns_capable_noaudit() on socket create
In-Reply-To: <20201023143757.377574-1-jeffv@google.com>
Message-ID: <alpine.LRH.2.21.2010270737290.9603@namei.org>
References: <20201023143757.377574-1-jeffv@google.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 23 Oct 2020, Jeff Vander Stoep wrote:

> During __vsock_create() CAP_NET_ADMIN is used to determine if the
> vsock_sock->trusted should be set to true. This value is used later
> for determing if a remote connection should be allowed to connect
> to a restricted VM. Unfortunately, if the caller doesn't have
> CAP_NET_ADMIN, an audit message such as an selinux denial is
> generated even if the caller does not want a trusted socket.
> 
> Logging errors on success is confusing. To avoid this, switch the
> capable(CAP_NET_ADMIN) check to the noaudit version.
> 
> Reported-by: Roman Kiryanov <rkir@google.com>
> https://android-review.googlesource.com/c/device/generic/goldfish/+/1468545/
> Signed-off-by: Jeff Vander Stoep <jeffv@google.com>


Reviewed-by: James Morris <jamorris@linux.microsoft.com>


-- 
James Morris
<jmorris@namei.org>