Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp2380026rdb; Fri, 8 Dec 2023 06:37:29 -0800 (PST) X-Google-Smtp-Source: AGHT+IFAp6dPet5qhnljtVFAIczPkx6ohXchLowdIVUluiZMgwkKpAti9v+mjg5QpvmHAYxV3EGm X-Received: by 2002:a05:6a20:158b:b0:190:61a1:3be2 with SMTP id h11-20020a056a20158b00b0019061a13be2mr123424pzj.97.1702046249224; Fri, 08 Dec 2023 06:37:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702046249; cv=none; d=google.com; s=arc-20160816; b=v+0SrtLOHz6+K+RveWYl62VHyDok2MFWBu9iJY4TqkbBGP/+cJOYdc0oBxFbgdltN7 4g3mDARuSbiys0nnd+sQ6i+++OezKatHqfzy+hHGYEUEJ1QH7KEyp2eliRc9pVPfmEA+ YOuvUBYNoT7FETn2QA0utRRpbWFXSUTgO3NHri/bVvMnOKdh2Axlczeaf3oBlS6MjcnC 6KAVFV5+y44mm1iMe1EbTn5TZNxdNbV1ydEnNZA3ak+N62Bi0VtBRb0nv3tJD5XAaOP+ ypDGSOUpkfpSaGsh8dfxVmMQQznm1kZwlcEYn37zhW1Qz7rXqJC+1540e3Y713IQkBUd lbKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=AGyFgdHP5CfZnH6yf416tkKYDJhR0dgh69d8LJkiI1E=; fh=RSTqdIl5aceIwD3S/DVxCGxpAFnUugKWbNoI5DOSl4s=; b=oeqp+bHgOsAqVzrTWSYieiTSGfRd2AWkh+erMGw4Gea+B7/jR9RxIg7dejulMwaO9x ZmgjN2jF1A/x32J0Ih75J2KXeBskkwUsS/Akd+Jme7SDUxRX8fdy6sElD5OO+LjM0yUB TJij5fV+HplFKRfjCT/aKQu8QZ45Uv+H94ksQovtZKJ1hay84Y70FmPg+Z1cQqsEvozO 6eqHTHCs2w0Dath/uf/hax4RRRyPB41d/IP9hvuTa1rudcZVTdj2o77PGdbjqK/+CqY9 JXAa1Zvl1uNRM9rK3xPAtljFRCE2eJqcf/o/pSSgUJyimdzksGt4nuNZ/NkWikxPhr89 QC6g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id x3-20020a636303000000b005af979066c0si1635041pgb.306.2023.12.08.06.37.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 Dec 2023 06:37:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id DBB128022478; Fri, 8 Dec 2023 06:37:26 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1573974AbjLHOhK (ORCPT + 99 others); Fri, 8 Dec 2023 09:37:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36012 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1573958AbjLHOhJ (ORCPT ); Fri, 8 Dec 2023 09:37:09 -0500 Received: from rhlx01.hs-esslingen.de (rhlx01.hs-esslingen.de [129.143.116.10]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6DFA9173B; Fri, 8 Dec 2023 06:37:15 -0800 (PST) Received: from lela.futurama.org (localhost.localdomain [IPv6:::1]) by rhlx01.hs-esslingen.de (Postfix) with ESMTP id BD6342A00646; Fri, 8 Dec 2023 15:37:10 +0100 (CET) Received: from dcbf.. (unknown [192.168.1.149]) by lela.futurama.org (Postfix) with ESMTP id A40548032518; Fri, 8 Dec 2023 15:37:10 +0100 (CET) From: Adrian Reber To: Greg Kroah-Hartman , Jiri Slaby , linux-kernel@vger.kernel.org, linux-serial@vger.kernel.org Cc: Christian Brauner Subject: [PATCH v2] tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE Date: Fri, 8 Dec 2023 15:36:56 +0100 Message-ID: <20231208143656.1019-1-areber@redhat.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Fri, 08 Dec 2023 06:37:27 -0800 (PST) The capability CAP_CHECKPOINT_RESTORE was introduced to allow non-root users to checkpoint and restore processes as non-root with CRIU. This change extends CAP_CHECKPOINT_RESTORE to enable the CRIU option '--shell-job' as non-root. CRIU's man-page describes the '--shell-job' option like this: Allow one to dump shell jobs. This implies the restored task will inherit session and process group ID from the criu itself. This option also allows to migrate a single external tty connection, to migrate applications like top. TIOCSLCKTRMIOS can only be done if the process has CAP_SYS_ADMIN and this change extends it to CAP_SYS_ADMIN or CAP_CHECKPOINT_RESTORE. With this change it is possible to checkpoint and restore processes which have a tty connection as non-root if CAP_CHECKPOINT_RESTORE is set. Acked-by: Christian Brauner Signed-off-by: Adrian Reber --- Changes in v2: - replaced "if (!capable(CAP_SYS_ADMIN) && !capable(CAP_CHECKPOINT_RESTORE))" with "if (!checkpoint_restore_ns_capable(&init_user_ns))" as suggested by Christian Brauner - v1: https://lore.kernel.org/linux-serial/20231206134340.7093-1-areber@redhat.com/ --- drivers/tty/tty_ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/tty/tty_ioctl.c b/drivers/tty/tty_ioctl.c index 4b499301a3db..85de90eebc7b 100644 --- a/drivers/tty/tty_ioctl.c +++ b/drivers/tty/tty_ioctl.c @@ -844,7 +844,7 @@ int tty_mode_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) ret = -EFAULT; return ret; case TIOCSLCKTRMIOS: - if (!capable(CAP_SYS_ADMIN)) + if (!checkpoint_restore_ns_capable(&init_user_ns)) return -EPERM; copy_termios_locked(real_tty, &kterm); if (user_termios_to_kernel_termios(&kterm, @@ -861,7 +861,7 @@ int tty_mode_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) ret = -EFAULT; return ret; case TIOCSLCKTRMIOS: - if (!capable(CAP_SYS_ADMIN)) + if (!checkpoint_restore_ns_capable(&init_user_ns)) return -EPERM; copy_termios_locked(real_tty, &kterm); if (user_termios_to_kernel_termios_1(&kterm, base-commit: 98b1cc82c4affc16f5598d4fa14b1858671b2263 -- 2.43.0