[PATCH] kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()

Andrew Morton akpm at linux-foundation.org
Wed Feb 15 20:47:47 UTC 2023


On Wed, 15 Feb 2023 14:18:07 +0100 Ondrej Mosnacek <omosnace at redhat.com> wrote:

> 1. First determine if CAP_SET[UG]ID is required and only then call
>    ns_capable_setid(), to avoid bogus LSM (SELinux) denials.

Can we please have more details on the SELinux failures?  Under what
circumstances?  What is the end-user impact?

Because a fix for "bogus LSM (SELinux) denials" sounds like something
which should be backported into earlier kernels, but there simply isn't
sufficient information here for others to decide on this.


