{"id":806806,"url":"http://patchwork.ozlabs.org/api/patches/806806/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/1503965540-30393-1-git-send-email-prakash.sangappa@oracle.com/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1503965540-30393-1-git-send-email-prakash.sangappa@oracle.com>","list_archive_url":null,"date":"2017-08-29T00:12:20","name":"[RESEND] Allow passing tid or pid in SCM_CREDENTIALS without CAP_SYS_ADMIN","commit_ref":null,"pull_url":null,"state":"rejected","archived":true,"hash":"d936b88a6fe808dd3f186e79d9bfde291ee704eb","submitter":{"id":72124,"url":"http://patchwork.ozlabs.org/api/people/72124/?format=json","name":"Prakash Sangappa","email":"prakash.sangappa@oracle.com"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/1503965540-30393-1-git-send-email-prakash.sangappa@oracle.com/mbox/","series":[{"id":279,"url":"http://patchwork.ozlabs.org/api/series/279/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/list/?series=279","date":"2017-08-29T00:12:20","name":"[RESEND] Allow passing tid or pid in SCM_CREDENTIALS without 
CAP_SYS_ADMIN","version":1,"mbox":"http://patchwork.ozlabs.org/series/279/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/806806/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/806806/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xh8Hh24P7z9s7v\n\tfor <patchwork-incoming@ozlabs.org>;\n\tTue, 29 Aug 2017 10:13:36 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751243AbdH2ANX (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tMon, 28 Aug 2017 20:13:23 -0400","from userp1040.oracle.com ([156.151.31.81]:17554 \"EHLO\n\tuserp1040.oracle.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751194AbdH2ANW (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Mon, 28 Aug 2017 20:13:22 -0400","from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])\n\tby userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2)\n\twith ESMTP id v7T0DIob007459\n\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256\n\tverify=OK); Tue, 29 Aug 2017 00:13:19 GMT","from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75])\n\tby aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id v7T0DHHw031744\n\t(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256\n\tverify=OK); Tue, 29 Aug 2017 00:13:17 GMT","from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24])\n\tby userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id\n\tv7T0DGK7001106; Tue, 29 Aug 2017 00:13:16 GMT","from pp-ThinkCentre-M82.us.oracle.com 
(/10.132.173.156)\n\tby default (Oracle Beehive Gateway v4.0)\n\twith ESMTP ; Mon, 28 Aug 2017 17:13:16 -0700"],"From":"Prakash Sangappa <prakash.sangappa@oracle.com>","To":"linux-kernel@vger.kernel.org, netdev@vger.kernel.org","Cc":"davem@davemloft.net, ebiederm@xmission.com, drepper@redhat.com,\n\tprakash.sangappa@oracle.com","Subject":"[RESEND PATCH] Allow passing tid or pid in SCM_CREDENTIALS without\n\tCAP_SYS_ADMIN","Date":"Mon, 28 Aug 2017 17:12:20 -0700","Message-Id":"<1503965540-30393-1-git-send-email-prakash.sangappa@oracle.com>","X-Mailer":"git-send-email 2.7.4","X-Source-IP":"aserv0022.oracle.com [141.146.126.234]","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"Currently passing tid(gettid(2)) of a thread in struct ucred in\nSCM_CREDENTIALS message requires CAP_SYS_ADMIN capability otherwise\nit fails with EPERM error. Some applications deal with thread id\nof a thread(tid) and so it would help to allow tid in SCM_CREDENTIALS\nmessage. 
Basically, either tgid(pid of the process) or the tid of\nthe thread should be allowed without the need for CAP_SYS_ADMIN capability.\n\nSCM_CREDENTIALS will be used to determine the global id of a process or\na thread running inside a pid namespace.\n\nThis patch adds necessary check to accept tid in SCM_CREDENTIALS\nstruct ucred.\n\nSigned-off-by: Prakash Sangappa <prakash.sangappa@oracle.com>\n---\n net/core/scm.c | 1 +\n 1 file changed, 1 insertion(+)","diff":"diff --git a/net/core/scm.c b/net/core/scm.c\nindex b1ff8a4..9274197 100644\n--- a/net/core/scm.c\n+++ b/net/core/scm.c\n@@ -55,6 +55,7 @@ static __inline__ int scm_check_creds(struct ucred *creds)\n \t\treturn -EINVAL;\n \n \tif ((creds->pid == task_tgid_vnr(current) ||\n+\t     creds->pid == task_pid_vnr(current) ||\n \t     ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) &&\n \t    ((uid_eq(uid, cred->uid)   || uid_eq(uid, cred->euid) ||\n \t      uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) &&\n","prefixes":["RESEND"]}
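Review bot: the added `creds->pid == task_pid_vnr(current)` alternative in scm_check_creds() makes the pid field of struct ucred ambiguous for receivers, and this one-line change carries no comment or documentation saying so. Before it, a sender without CAP_SYS_ADMIN could only pass task_tgid_vnr(current), so a receiver could treat ucred.pid as a process id; with the new condition a thread may send its tid instead, and the message gives the receiver nothing to tell the two apart. Receivers that use the value to look up or authorize a process would then be handed a thread id. Please add a comment above the condition stating that either the tgid or the caller's own tid is accepted without CAP_SYS_ADMIN, and say in the changelog how a receiver is expected to interpret the field. The uid checks in the trailing context are unchanged, so the relaxation is limited to ids belonging to the calling task itself.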