[PATCH] RDMA/uverbs: Consider capability of the process that opens the file
Serge E. Hallyn
serge at hallyn.com
Fri Apr 25 14:01:44 UTC 2025
On Fri, Apr 25, 2025 at 10:29:30AM -0300, Jason Gunthorpe wrote:
> On Fri, Apr 25, 2025 at 01:14:35PM +0000, Parav Pandit wrote:
>
> > 1. In uobject creation syscall, I will add the check current->nsproxy->net->user_ns capability using ns_capable().
> > And we don't hold any reference for user ns.
>
> This is the thing that makes my head ache.. Is that really the right
> way to get the user_ns of current? Is it possible that current has
> multiple user_ns's? We are picking nsproxy because ib_dev has a net
> namespace affiliation?
It's not that "current has multiple user_ns's", it's that the various
resources, including other namespaces, which current has or belongs
to have associated namespaces.
current_user_ns() is the user namespace to which current belongs.
But if you want to check if it can have privilege over a resource,
you have to check whether current has ns_capable(resource->userns, CAP_X).
-serge
More information about the Linux-security-module-archive
mailing list