[PATCH v2] nbd: override creds to kernel when calling sock_{send,recv}msg()
Jens Axboe
axboe at kernel.dk
Mon Oct 20 16:38:34 UTC 2025
On Fri, 10 Oct 2025 10:09:00 +0200, Ondrej Mosnacek wrote:
> sock_{send,recv}msg() internally calls security_socket_{send,recv}msg(),
> which does security checks (e.g. SELinux) for socket access against the
> current task. However, _sock_xmit() in drivers/block/nbd.c may be called
> indirectly from a userspace syscall, where the NBD socket access would
> be incorrectly checked against the calling userspace task (which simply
> tries to read/write a file that happens to reside on an NBD device).
>
> [...]
Applied, thanks!
[1/1] nbd: override creds to kernel when calling sock_{send,recv}msg()
commit: 81ccca31214e11ea2b537fd35d4f66d7cf46268e
Best regards,
--
Jens Axboe
More information about the Linux-security-module-archive
mailing list