[PATCH 5.10 130/154] block: Check ADMIN before NICE for IOPRIO_CLASS_RT
Jari Ruusu
jariruusu at users.sourceforge.net
Wed Nov 24 14:22:50 UTC 2021
Greg Kroah-Hartman wrote:
> From: Alistair Delva <adelva at google.com>
>
> commit 94c4b4fd25e6c3763941bdec3ad54f2204afa992 upstream.
[SNIP]
> --- a/block/ioprio.c
> +++ b/block/ioprio.c
> @@ -69,7 +69,14 @@ int ioprio_check_cap(int ioprio)
>
> switch (class) {
> case IOPRIO_CLASS_RT:
> - if (!capable(CAP_SYS_NICE) && !capable(CAP_SYS_ADMIN))
> + /*
> + * Originally this only checked for CAP_SYS_ADMIN,
> + * which was implicitly allowed for pid 0 by security
> + * modules such as SELinux. Make sure we check
> + * CAP_SYS_ADMIN first to avoid a denial/avc for
> + * possibly missing CAP_SYS_NICE permission.
> + */
> + if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE))
> return -EPERM;
> fallthrough;
> /* rt has prio field too */
What exactly is above patch trying to fix?
It does not change control flow at all, and added comment is misleading.
--
Jari Ruusu 4096R/8132F189 12D6 4C3A DCDA 0AA4 27BD ACDF F073 3C80 8132 F189
More information about the Linux-security-module-archive
mailing list