Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp7541256rwd; Tue, 6 Jun 2023 12:16:19 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6bBPgZIi3rZR9ypN5r5CHXUusfNlhp95NUyr1D35G5+PUp5ONAtvvqSc0l0HZ4zd7fUVSS X-Received: by 2002:a05:622a:10c:b0:3f4:ecb4:86e with SMTP id u12-20020a05622a010c00b003f4ecb4086emr810733qtw.34.1686078979189; Tue, 06 Jun 2023 12:16:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686078979; cv=none; d=google.com; s=arc-20160816; b=VKGksmjI6Y+gJu1hVilxa+TXyhMtc7KuIR9NnCcwuhOs7HNAAo+guowMFXJxKOkIDb AAoKflsbz9NKSJGUf+GTQ8xsvjE5GHEKu/fuxrImmviyPPN/BPqcs5qPHyvL2WfzVE42 OzyI83K1ZV1NA/04lkBvb8u9EJ3ZCq7P40fCdyk+RpXitxxhXsFDAotSUMoMT+h/0v7/ sNRGyle8+2zUsowxLHEA8MuYG1jN9g7cxWXNy4uvvErLRhiIy4PMnV7aKNwMhRlZMZWv dSW2jh8o83kdrRKfELnwqYq4g/o51S3IRxYAkaHA7u+7tEeYbnxZ4whGppWE8eg8or5r JuHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=ZBMK+DdZXFCRFi5Z/MVobjT4mwItd0TF7QfSBIyRNYM=; b=BUrc73B8c31gX2dw6Uelo4avQJATBft4HLfbOH/GON+tCS72sq9tQLma+T0KpD/FqN d+IhYhjRbUejTYW+cTGVVNZfl2dxlst3QQ5MohmM+VeSbIRL6OyhOoADb+X+FCDlm+fo 1Dk4jeeRGTDJHbtXAEVe21+izhGd50urv6mdghRAbo3i+OIY52aiwb615iwqBVN9GCSy 5gwObqeecwUy7/BlGyFcDsjuBebmcBh0yQBSYq2fwNlxDgT/utljQslUHcO42D/SV8ks LEexlKMRcyO0xshcbEjLgiwxrPxy4rzoSXQdFy5aI9d6kb6XY7Ws4feFJFIejxY13J2F vs3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b="mHf/l9DV"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t17-20020ac85891000000b003f534327c38si7059691qta.348.2023.06.06.12.16.03; Tue, 06 Jun 2023 12:16:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b="mHf/l9DV"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234770AbjFFSut (ORCPT + 99 others); Tue, 6 Jun 2023 14:50:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59546 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233251AbjFFSus (ORCPT ); Tue, 6 Jun 2023 14:50:48 -0400 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5536EA for ; Tue, 6 Jun 2023 11:50:46 -0700 (PDT) Received: from mail-yw1-f197.google.com (mail-yw1-f197.google.com [209.85.128.197]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 6E3543F15B for ; Tue, 6 Jun 2023 18:50:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1686077445; bh=ZBMK+DdZXFCRFi5Z/MVobjT4mwItd0TF7QfSBIyRNYM=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=mHf/l9DVLNuZu8eEjcBx5Qm56t7Mik+HTIDZh41XKRBqWrk2qf2lQoJxtv09ia2tm FBPHLtePOZiu24f01Bos9p6SM05WH/0RsW0PPEwUFtoMA1EPAZKH59agGFdMOGu9Dq bi+iQlPEa6IH15VeC3B4HLxsi+CtYErz6Z7NXxCfRIWXSBuH7y8zg+m0739DBhvqRs WSleRgNOG/gZznhjfBU79X+79qFycVUE3NMDyupUF81e8NRQZIgqTho8H4wa2HSV/I oMlW+ee9AmJaR4qYlAyXD+XeY339s3l4eGJD4dkBNkG7NgwXNuAQo7nxaScUpVP9vU QwYS6D/EkPQLQ== Received: by mail-yw1-f197.google.com with SMTP id 00721157ae682-565a1788f3fso105693047b3.0 for ; Tue, 06 Jun 2023 11:50:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686077443; x=1688669443; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZBMK+DdZXFCRFi5Z/MVobjT4mwItd0TF7QfSBIyRNYM=; b=WxP+KgjwfoBkcAgKonNdosddUcaovmGLSuTvZg1Z8qaHGYj8lZ7SSe2VZ1UuSCjI7I zXHK6a7eOEgKuC8JoVY147pZaKMAqN6keZCuClQ+qQh7Ncvr+k+Ksn58rDhKONMsknMS lTZKVlenMhi5Zm10XSz2fG1i5ytmlVINrBtcMfrIQ9A1EO8HkcDeuOtZUx+H8GNNOXko WLZUe6qcgJ92IzLhbABL/DrOFbVnSms7YOfSSXHvcVRzlvxdz6kAd8RZEW/d8KalNuDc ms0pDiFWTWN5Sj/3rUeBWH3QnCbHljOas/+/qF+Ol8H8fhufkE/a+qVs8YUzqUZKxEyw cHog== X-Gm-Message-State: AC+VfDyfXV7cfvxkeYvwt8IR8DTkh5lT5NFCP95azpasIJyyBQb+13Jo YB88LPAt2/ABjYR4ivN2Rp6KMDmerw1A3K7MG5JYRdIM0PIvOngpXnIzLM+7ORbqk0K3Hh8mC0s N0kbuW59kohVPjA+Vb12JtksbY3Q1+HgAA50kS8EFY1pVTHpJXG/qWHo+FfLb1tDheagw X-Received: by 2002:a0d:df93:0:b0:567:2891:a2ec with SMTP id i141-20020a0ddf93000000b005672891a2ecmr2847085ywe.22.1686077443442; Tue, 06 Jun 2023 11:50:43 -0700 (PDT) X-Received: by 2002:a0d:df93:0:b0:567:2891:a2ec with SMTP id i141-20020a0ddf93000000b005672891a2ecmr2847070ywe.22.1686077443171; Tue, 06 Jun 2023 11:50:43 -0700 (PDT) MIME-Version: 1.0 References: <20230503064344.45825-1-aleksandr.mikhalitsyn@canonical.com> In-Reply-To: From: Aleksandr Mikhalitsyn Date: Tue, 6 Jun 2023 20:50:32 +0200 Message-ID: Subject: Re: [PATCH v2] LSM: SafeSetID: fix UID printed instead of GID To: Paul Moore Cc: mortonm@chromium.org, penguin-kernel@i-love.sakura.ne.jp, James Morris , "Serge E. Hallyn" , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 18, 2023 at 8:59=E2=80=AFPM Paul Moore wr= ote: > > On Wed, May 3, 2023 at 2:44=E2=80=AFAM Alexander Mikhalitsyn > wrote: > > > > pr_warn message clearly says that GID should be printed, > > but we have UID there. Let's fix that. > > > > Found accidentaly during the work on isolated user namespaces. > > > > Signed-off-by: Alexander Mikhalitsyn > > --- > > v2: __kuid_val -> __kgid_val > > --- > > security/safesetid/lsm.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > I'm assuming you're going to pick this up Micah? > > Reviewed-by: Paul Moore Dear Paul! Thanks for your review! Gentle ping to Micah Morton :-) Kind regards, Alex > > > diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c > > index e806739f7868..5be5894aa0ea 100644 > > --- a/security/safesetid/lsm.c > > +++ b/security/safesetid/lsm.c > > @@ -131,7 +131,7 @@ static int safesetid_security_capable(const struct = cred *cred, > > * set*gid() (e.g. setting up userns gid mappings). > > */ > > pr_warn("Operation requires CAP_SETGID, which is not av= ailable to GID %u for operations besides approved set*gid transitions\n", > > - __kuid_val(cred->uid)); > > + __kgid_val(cred->gid)); > > return -EPERM; > > default: > > /* Error, the only capabilities were checking for is CA= P_SETUID/GID */ > > -- > > 2.34.1 > > -- > paul-moore.com