[PATCH] RDMA/uverbs: Consider capability of the process that opens the file
Jason Gunthorpe
jgg at nvidia.com
Fri Apr 25 13:29:30 UTC 2025
On Fri, Apr 25, 2025 at 01:14:35PM +0000, Parav Pandit wrote:
> 1. In uobject creation syscall, I will add the check current->nsproxy->net->user_ns capability using ns_capable().
> And we don't hold any reference for user ns.
This is the thing that makes my head ache.. Is that really the right
way to get the user_ns of current? Is it possible that current has
multiple user_ns's? We are picking nsproxy because ib_dev has a net
namespace affiliation?
> This will be only done for the selected objects that need cap enforcement.
> Can we proceed with this for user ns cap enforcement?
>
> 2. For net ns protection in exclusive mode, few enforcements to be done for
> ib device modify_qp, sysfs, gid query. This will be a separate, unrelated patch(es) to user ns.
>
> 3. Do not enforce things in shared net ns mode.
>
> For #1 and #2, will send two different patch sets.
>
> Does this path look ok?
Yes
Jason