[PATCH 5.10 130/154] block: Check ADMIN before NICE for IOPRIO_CLASS_RT

Jari Ruusu jariruusu at users.sourceforge.net
Wed Nov 24 14:22:50 UTC 2021


Greg Kroah-Hartman wrote:
> From: Alistair Delva <adelva at google.com>
> 
> commit 94c4b4fd25e6c3763941bdec3ad54f2204afa992 upstream.
 [SNIP]
> --- a/block/ioprio.c
> +++ b/block/ioprio.c
> @@ -69,7 +69,14 @@ int ioprio_check_cap(int ioprio)
> 
>         switch (class) {
>                 case IOPRIO_CLASS_RT:
> -                       if (!capable(CAP_SYS_NICE) && !capable(CAP_SYS_ADMIN))
> +                       /*
> +                        * Originally this only checked for CAP_SYS_ADMIN,
> +                        * which was implicitly allowed for pid 0 by security
> +                        * modules such as SELinux. Make sure we check
> +                        * CAP_SYS_ADMIN first to avoid a denial/avc for
> +                        * possibly missing CAP_SYS_NICE permission.
> +                        */
> +                       if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE))
>                                 return -EPERM;
>                         fallthrough;
>                         /* rt has prio field too */

What exactly is above patch trying to fix?
It does not change control flow at all, and added comment is misleading.

-- 
Jari Ruusu  4096R/8132F189 12D6 4C3A DCDA 0AA4 27BD  ACDF F073 3C80 8132 F189



More information about the Linux-security-module-archive mailing list