[PATCH] kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
Ondrej Mosnacek
omosnace at redhat.com
Fri Feb 17 16:14:05 UTC 2023
On Wed, Feb 15, 2023 at 9:47 PM Andrew Morton <akpm at linux-foundation.org> wrote:
>
> On Wed, 15 Feb 2023 14:18:07 +0100 Ondrej Mosnacek <omosnace at redhat.com> wrote:
>
> > 1. First determine if CAP_SET[UG]ID is required and only then call
> > ns_capable_setid(), to avoid bogus LSM (SELinux) denials.
>
> Can we please have more details on the selinux failures? Under what
> circumstances? What is the end-user impact?
>
> Because a fix for "bogus LSM (SELinux) denials" sounds like something
> which should be backported into earlier kernels, but there simply isn't
> sufficient information here for others to decide on this.
Fair point. I will send a v2 with a more detailed explanation.
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
More information about the Linux-security-module-archive
mailing list