Patchwork [v3,05/11] syslog_ns: make permisiion check per user namespace

login
register
mail settings
Submitter Rui Xiang
Date Aug. 7, 2013, 7:37 a.m.
Message ID <1375861035-24320-6-git-send-email-rui.xiang@huawei.com>
Download mbox | patch
Permalink /patch/265373/
State Not Applicable
Delegated to: David Miller
Headers show

Comments

Rui Xiang - Aug. 7, 2013, 7:37 a.m.
Use ns_capable to check capability in user ns,
instead of capable function. The user ns is the
owner of current syslog ns.

Signed-off-by: Rui Xiang <rui.xiang@huawei.com>
---
 kernel/printk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Ben Hutchings - Aug. 7, 2013, 6:41 p.m.
On Wed, 2013-08-07 at 15:37 +0800, Rui Xiang wrote:
> Use ns_capable to check capability in user ns,
> instead of capable function. The user ns is the
> owner of current syslog ns.
> 
> Signed-off-by: Rui Xiang <rui.xiang@huawei.com>
> ---
>  kernel/printk.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/printk.c b/kernel/printk.c
> index e508ab2..ca951e7 100644
> --- a/kernel/printk.c
> +++ b/kernel/printk.c
> @@ -374,13 +374,13 @@ static int check_syslog_permissions(int type, bool from_file,
>  		return 0;
>  
>  	if (syslog_action_restricted(type, ns)) {
> -		if (capable(CAP_SYSLOG))
> +		if (ns_capable(ns->owner, CAP_SYSLOG))
>  			return 0;
>  		/*
>  		 * For historical reasons, accept CAP_SYS_ADMIN too, with
>  		 * a warning.
>  		 */
> -		if (capable(CAP_SYS_ADMIN)) {
> +		if (ns_capable(ns->owner, CAP_SYS_ADMIN)) {
>  			pr_warn_once("%s (%d): Attempt to access syslog with "
>  				     "CAP_SYS_ADMIN but no CAP_SYSLOG "
>  				     "(deprecated).\n",

Since CAP_SYS_ADMIN is only accepted for backward compatibility, is it
really necessary to accept it as a per-namespace capability too?

Ben.

Patch

diff --git a/kernel/printk.c b/kernel/printk.c
index e508ab2..ca951e7 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -374,13 +374,13 @@  static int check_syslog_permissions(int type, bool from_file,
 		return 0;
 
 	if (syslog_action_restricted(type, ns)) {
-		if (capable(CAP_SYSLOG))
+		if (ns_capable(ns->owner, CAP_SYSLOG))
 			return 0;
 		/*
 		 * For historical reasons, accept CAP_SYS_ADMIN too, with
 		 * a warning.
 		 */
-		if (capable(CAP_SYS_ADMIN)) {
+		if (ns_capable(ns->owner, CAP_SYS_ADMIN)) {
 			pr_warn_once("%s (%d): Attempt to access syslog with "
 				     "CAP_SYS_ADMIN but no CAP_SYSLOG "
 				     "(deprecated).\n",