Date: Mon, 22 May 2023 15:56:32 +0200
From: Miquel Raynal
To: Christian Göttsche
Cc: selinux@vger.kernel.org, "David S. Miller", Eric Dumazet,
 Jakub Kicinski, Paolo Abeni, Alexander Aring, Stefan Schmidt,
 David Ahern, Keith Busch, Kuniyuki Iwashima, Christophe JAILLET,
 Alexei Starovoitov, Martin KaFai Lau, Xin Long, Alexander Duyck,
 Jason Xing, Jens Axboe, Pavel Begunkov, netdev@vger.kernel.org,
 linux-kernel@vger.kernel.org, linux-wpan@vger.kernel.org,
 bpf@vger.kernel.org
Subject: Re: [PATCH v4 9/9] net: use new capable_any functionality
Message-ID: <20230522155632.205ac884@xps-13>
In-Reply-To: <20230511142535.732324-9-cgzones@googlemail.com>
References: <20230511142535.732324-1-cgzones@googlemail.com> <20230511142535.732324-9-cgzones@googlemail.com>
Organization: Bootlin
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Christian,

cgzones@googlemail.com wrote on Thu, 11 May 2023 16:25:32 +0200:

> Use the newly added capable_any function in appropriate cases, where a
> task is required to have any of two capabilities.
>
> Add sock_ns_capable_any() wrapper similar to existing sock_ns_capable()
> one.
>
> Reorder CAP_SYS_ADMIN last.
>
> Signed-off-by: Christian Göttsche
> ---
> v4:
>   - introduce sockopt_ns_capable_any()
> v3:
>   - rename to capable_any()
>   - make use of ns_capable_any
> Signed-off-by: Christian Göttsche
> ---
>  include/net/sock.h       |  1 +
>  net/caif/caif_socket.c   |  2 +-
>  net/core/sock.c          | 18 ++++++++++--------
>  net/ieee802154/socket.c  |  6 ++----
>  net/ipv4/ip_sockglue.c   |  4 ++--
>  net/ipv6/ipv6_sockglue.c |  3 +--
>  net/unix/scm.c           |  2 +-
>  7 files changed, 18 insertions(+), 18 deletions(-)
>

[...]

> diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c > index 1fa2fe041ec0..f9bc6cae4af9 100644 > --- a/net/ieee802154/socket.c > +++ b/net/ieee802154/socket.c > @@ -904,8 +904,7 @@ static int dgram_setsockopt(struct sock *sk, int leve= l, int optname, > ro->want_lqi =3D !!val; > break; > case WPAN_SECURITY: > - if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && > - !ns_capable(net->user_ns, CAP_NET_RAW)) { > + if (!ns_capable_any(net->user_ns, CAP_NET_ADMIN, CAP_NET_RAW)) { > err =3D -EPERM; > break; > } > @@ -928,8 +927,7 @@ static int dgram_setsockopt(struct sock *sk, int leve= l, int optname, > } > break; > case WPAN_SECURITY_LEVEL: > - if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && > - !ns_capable(net->user_ns, CAP_NET_RAW)) { > + if (!ns_capable_any(net->user_ns, CAP_NET_ADMIN, CAP_NET_RAW)) { > err =3D -EPERM; > break; > }

I had not noticed this was applied already, so, for ieee802154:

Reviewed-by: Miquel Raynal

Thanks,
Miquèl
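
Review bot: in the first net/ieee802154/socket.c hunk (case WPAN_SECURITY) the new call passes CAP_NET_ADMIN before CAP_NET_RAW, but the commit message only says "Reorder CAP_SYS_ADMIN last" and never states what argument order means for ns_capable_any(). If the order decides which capability is reported when the check fails, say so in the commit message or in a comment at the call site, so the order kept here is a documented choice and not just a carry-over from the old && chain.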
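
Review bot: the second net/ieee802154/socket.c hunk (case WPAN_SECURITY_LEVEL) repeats the same ns_capable_any(net->user_ns, CAP_NET_ADMIN, CAP_NET_RAW) test and -EPERM exit that the WPAN_SECURITY case uses. Since both lines are being touched anyway, consider moving the check into one small static helper in this file, so the capability pair required for the 802.15.4 security socket options is defined in a single place and the two options cannot drift apart in a later change.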