diff options
author | Thomas Cedeno <thomascedeno@google.com> | 2020-07-16 19:13:57 +0000 |
---|---|---|
committer | Micah Morton <mortonm@chromium.org> | 2020-10-13 09:17:34 -0700 |
commit | 111767c1d86bd9661f8b72ace50cbcb13507a1bf (patch) | |
tree | eb61e1cd69c7b43ce363d8cde1c67ae0751eeb37 /kernel/capability.c | |
parent | bbf5c979011a099af5dc76498918ed7df445635b (diff) | |
download | lwn-111767c1d86bd9661f8b72ace50cbcb13507a1bf.tar.gz lwn-111767c1d86bd9661f8b72ace50cbcb13507a1bf.zip |
LSM: Signal to SafeSetID when setting group IDs
For SafeSetID to properly gate set*gid() calls, it needs to know whether
ns_capable() is being called from within a sys_set*gid() function or is
being called from elsewhere in the kernel. This allows SafeSetID to deny
CAP_SETGID to restricted groups when they are attempting to use the
capability for code paths other than updating GIDs (e.g. setting up
userns GID mappings). This is the identical approach to what is
currently done for CAP_SETUID.
NOTE: We also add signaling to SafeSetID from the setgroups() syscall,
as we have future plans to restrict a process' ability to set
supplementary groups in addition to what is added in this series for
restricting setting of the primary group.
Signed-off-by: Thomas Cedeno <thomascedeno@google.com>
Signed-off-by: Micah Morton <mortonm@chromium.org>
Diffstat (limited to 'kernel/capability.c')
-rw-r--r-- | kernel/capability.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 7c59b096c98a..de7eac903a2a 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -418,7 +418,7 @@ EXPORT_SYMBOL(ns_capable_noaudit); /** * ns_capable_setid - Determine if the current task has a superior capability * in effect, while signalling that this check is being done from within a - * setid syscall. + * setid or setgroups syscall. * @ns: The usernamespace we want the capability in * @cap: The capability to be tested for * |