Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp4252407pxb; Fri, 11 Feb 2022 21:52:28 -0800 (PST) X-Google-Smtp-Source: ABdhPJzAY6srcM/v1AjtSkjC2FbHY+okiHNwLBW9ztDJrzGUjAR7SbMSQzV+CChkt8otB+Qld3Lo X-Received: by 2002:a05:6402:143:: with SMTP id s3mr5216242edu.7.1644645148085; Fri, 11 Feb 2022 21:52:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644645148; cv=none; d=google.com; s=arc-20160816; b=pO4RlarliRwXF/PzyzBVS8/AnRJHT/OLWgplpdB7MWX1fVwtQRZ/NQHaN4GHNdbsw7 OiKpvW95LxPFTWShkLDcmXOZjZMTMVy5mzZhJ/GmOS1vcbvoM/jdcL53a/dKIb+f3pIH SVMtbaLvMEzb1qoInxodFIJYF3LA9pu+2b61grvMBZpfuQTvAPbBHU2Ft22rgVJZRK7C FuZNVdr8nQkS6j89vPzkXntmgngjDMP30y6gwULJy9dpZPLTX1/1fLEZjDCCwiJ3YK6d qmjZFYrQRmZCWC5i/Ogc6aoZ16w1v2ciwEHhOCAWRHaFzsISjS52K1ZQ1YRKCX3+1Z5n IT9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:cc:to:from; bh=iX7JMb9TNhRZ2Z1psgJ2BPhAcZCCaoaQzbTVXYPzr5k=; b=RNZDzwphtd6G+/gRTMw5lGhN79K2nt2us8jBNXcLU9QDo/JccHmDm6ycVtQx5gkFW6 HskDm0a48zWv96hFqpaXp+JBLTPZGqpMzbbXaczbwZ0OwryNZd4Rg/v5zwwg9wKPkoU9 LLtYJrkxdJ3vu2IBibzwcYROxlMUq6bSnf285EUz3tpryT/9+oEITArq4u3H52FkkpO4 cASv1djEFYLMhjVo1psvhxBxDzg1fLffEbvS6Bn5M+huT60C42wbFR+FjqRcUrJXSD3q GFS6cgTbj2ghYatFxBNSuBPMqrw4qqSpw1yvOedgwR+dCwQ6Xhn6fG5Iet/p2WKASZiD AWKw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id go11si9781116ejc.144.2022.02.11.21.52.03; Fri, 11 Feb 2022 21:52:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347317AbiBKCOd (ORCPT + 95 others); Thu, 10 Feb 2022 21:14:33 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:35142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347238AbiBKCOV (ORCPT ); Thu, 10 Feb 2022 21:14:21 -0500 Received: from out03.mta.xmission.com (out03.mta.xmission.com [166.70.13.233]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC2915FB7 for ; Thu, 10 Feb 2022 18:14:21 -0800 (PST) Received: from in01.mta.xmission.com ([166.70.13.51]:35146) by out03.mta.xmission.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1nILS0-00BUbz-LR; Thu, 10 Feb 2022 19:14:20 -0700 Received: from ip68-227-174-4.om.om.cox.net ([68.227.174.4]:52650 helo=localhost.localdomain) by in01.mta.xmission.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1nILRy-00FMXV-EE; Thu, 10 Feb 2022 19:14:20 -0700 From: "Eric W. Biederman" To: linux-kernel@vger.kernel.org Cc: Alexey Gladkov , Kees Cook , Shuah Khan , Christian Brauner , Solar Designer , Ran Xiaokai , containers@lists.linux-foundation.org, =?UTF-8?q?Michal=20Koutn=C3=BD?= , "Eric W. Biederman" Date: Thu, 10 Feb 2022 20:13:23 -0600 Message-Id: <20220211021324.4116773-7-ebiederm@xmission.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <87o83e2mbu.fsf@email.froward.int.ebiederm.org> References: <87o83e2mbu.fsf@email.froward.int.ebiederm.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-XM-SPF: eid=1nILRy-00FMXV-EE;;;mid=<20220211021324.4116773-7-ebiederm@xmission.com>;;;hst=in01.mta.xmission.com;;;ip=68.227.174.4;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19hIkDhW0y+iihrri7QgnEJaetNmmdeS/I= X-SA-Exim-Connect-IP: 68.227.174.4 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ***;linux-kernel@vger.kernel.org X-Spam-Relay-Country: X-Spam-Timing: total 1527 ms - load_scoreonly_sql: 0.03 (0.0%), signal_user_changed: 13 (0.8%), b_tie_ro: 11 (0.8%), parse: 0.98 (0.1%), extract_message_metadata: 12 (0.8%), get_uri_detail_list: 1.10 (0.1%), tests_pri_-1000: 14 (0.9%), tests_pri_-950: 1.24 (0.1%), tests_pri_-900: 1.00 (0.1%), tests_pri_-90: 272 (17.8%), check_bayes: 270 (17.7%), b_tokenize: 6 (0.4%), b_tok_get_all: 5 (0.3%), b_comp_prob: 1.83 (0.1%), b_tok_touch_all: 254 (16.6%), b_finish: 0.79 (0.1%), tests_pri_0: 1200 (78.6%), check_dkim_signature: 0.49 (0.0%), check_dkim_adsp: 2.9 (0.2%), poll_dns_idle: 1.01 (0.1%), tests_pri_10: 3.1 (0.2%), tests_pri_500: 8 (0.5%), rewrite_mail: 0.00 (0.0%) Subject: [PATCH 7/8] rlimit: For RLIMIT_NPROC test the child not the parent for capabilites X-SA-Exim-Version: 4.2.1 (built Sat, 08 Feb 2020 21:53:50 +0000) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Ever since capabilities have become user namespace relative the capability checks to allow overrriing RLIMIT_NPROC in fork has been wrong. It is desirable to test the capabilities the new process will have not to test the capabilities of the existing process. In all cases except when creating a user namespace this does not matter, and even then not enforcing RLIMIT_NPROC on the root_user probably makes such a test moot. Still the test is wrong in principle so fix it to the more stringent test. Especially now that RLIMIT_NPROC enforcement has become per user namespace. Fixes: 3486740a4f32 ("userns: security: make capabilities relative to the user namespace") Signed-off-by: "Eric W. Biederman" --- kernel/fork.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/fork.c b/kernel/fork.c index 69333078259c..79661678a5bf 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2030,7 +2030,8 @@ static __latent_entropy struct task_struct *copy_process( goto bad_fork_cleanup_count; if (is_ucounts_overlimit(task_ucounts(p), UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC))) { if ((task_ucounts(p) != &init_ucounts) && - !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) + !has_capability(p, CAP_SYS_RESOURCE) && + !has_capability(p, CAP_SYS_ADMIN)) goto bad_fork_cleanup_count; } current->flags &= ~PF_NPROC_CHECK; -- 2.29.2