Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

drivers/net/ipa/ipa_main.c 8afc7e471ad3 ("net: ipa: separate disabling setup from modem stop") 76b5fbcd6b47 ("net: ipa: kill ipa_modem_init()") Duplicated include, drop one. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Jakub Kicinski <kuba@kernel.org> 2021-11-26 13:26:29 -0800
committer: Jakub Kicinski <kuba@kernel.org> 2021-11-26 13:45:19 -0800
commit: 93d5404e8988882bd33f6acc0d343c4db51eb8b4 (patch)
tree: dd08a576dab4d61fda56dd005c7b2d0001a04297 /block/ioprio.c
parent: af22d0550705dcb4142362b232f972bfab486b89 (diff)
parent: c5c17547b778975b3d83a73c8d84e8fb5ecf3ba5 (diff)
download: lwn-93d5404e8988882bd33f6acc0d343c4db51eb8b4.tar.gz
lwn-93d5404e8988882bd33f6acc0d343c4db51eb8b4.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/block/ioprio.c b/block/ioprio.c
index 0e4ff245f2bf..313c14a70bbd 100644
--- a/block/ioprio.c
+++ b/block/ioprio.c
@@ -69,7 +69,14 @@ int ioprio_check_cap(int ioprio)
 
 	switch (class) {
 		case IOPRIO_CLASS_RT:
-			if (!capable(CAP_SYS_NICE) && !capable(CAP_SYS_ADMIN))
+			/*
+			 * Originally this only checked for CAP_SYS_ADMIN,
+			 * which was implicitly allowed for pid 0 by security
+			 * modules such as SELinux. Make sure we check
+			 * CAP_SYS_ADMIN first to avoid a denial/avc for
+			 * possibly missing CAP_SYS_NICE permission.
+			 */
+			if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE))
 				return -EPERM;
 			fallthrough;
 			/* rt has prio field too */
author	Jakub Kicinski <kuba@kernel.org>	2021-11-26 13:26:29 -0800
committer	Jakub Kicinski <kuba@kernel.org>	2021-11-26 13:45:19 -0800
commit	93d5404e8988882bd33f6acc0d343c4db51eb8b4 (patch)
tree	dd08a576dab4d61fda56dd005c7b2d0001a04297 /block/ioprio.c
parent	af22d0550705dcb4142362b232f972bfab486b89 (diff)
parent	c5c17547b778975b3d83a73c8d84e8fb5ecf3ba5 (diff)
download	lwn-93d5404e8988882bd33f6acc0d343c4db51eb8b4.tar.gz lwn-93d5404e8988882bd33f6acc0d343c4db51eb8b4.zip