summaryrefslogtreecommitdiff
path: root/fs/proc
diff options
context:
space:
mode:
authorAdrian Reber <areber@redhat.com>2020-07-19 12:04:14 +0200
committerChristian Brauner <christian.brauner@ubuntu.com>2020-07-19 20:14:42 +0200
commit12886f8ab10ce6a09af1d92535d49c81aaa215a8 (patch)
tree5216c20df0841870c59b86e55c52d5860d948900 /fs/proc
parentb9a3db92e1a1f281724e2f34b849d18d1a53bece (diff)
downloadlwn-12886f8ab10ce6a09af1d92535d49c81aaa215a8.tar.gz
lwn-12886f8ab10ce6a09af1d92535d49c81aaa215a8.zip
proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE
Opening files in /proc/pid/map_files when the current user is CAP_CHECKPOINT_RESTORE capable in the root namespace is useful for checkpointing and restoring to recover files that are unreachable via the file system such as deleted files, or memfd files. Signed-off-by: Adrian Reber <areber@redhat.com> Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com> Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com> Reviewed-by: Serge Hallyn <serge@hallyn.com> Link: https://lore.kernel.org/r/20200719100418.2112740-5-areber@redhat.com Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Diffstat (limited to 'fs/proc')
-rw-r--r--fs/proc/base.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index d86c0afc8a85..a333caeca291 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2189,16 +2189,16 @@ struct map_files_info {
};
/*
- * Only allow CAP_SYS_ADMIN to follow the links, due to concerns about how the
- * symlinks may be used to bypass permissions on ancestor directories in the
- * path to the file in question.
+ * Only allow CAP_SYS_ADMIN and CAP_CHECKPOINT_RESTORE to follow the links, due
+ * to concerns about how the symlinks may be used to bypass permissions on
+ * ancestor directories in the path to the file in question.
*/
static const char *
proc_map_files_get_link(struct dentry *dentry,
struct inode *inode,
struct delayed_call *done)
{
- if (!capable(CAP_SYS_ADMIN))
+ if (!checkpoint_restore_ns_capable(&init_user_ns))
return ERR_PTR(-EPERM);
return proc_pid_get_link(dentry, inode, done);