Commit 71a98971 authored by Jann Horn's avatar Jann Horn Committed by Micah Morton

LSM: SafeSetID: fix userns handling in securityfs

Looking at current_cred() in write handlers is bad form, stop doing that.

Also, let's just require that the write is coming from the initial user
namespace. Especially SAFESETID_WHITELIST_FLUSH requires privilege over all
namespaces, and SAFESETID_WHITELIST_ADD should probably require it as well.
Signed-off-by: default avatarJann Horn <jannh@google.com>
Signed-off-by: default avatarMicah Morton <mortonm@chromium.org>
parent 78ae7df9
...@@ -59,8 +59,8 @@ static int parse_policy_line( ...@@ -59,8 +59,8 @@ static int parse_policy_line(
if (ret) if (ret)
return ret; return ret;
*parent = make_kuid(current_user_ns(), parsed_parent); *parent = make_kuid(file->f_cred->user_ns, parsed_parent);
*child = make_kuid(current_user_ns(), parsed_child); *child = make_kuid(file->f_cred->user_ns, parsed_child);
if (!uid_valid(*parent) || !uid_valid(*child)) if (!uid_valid(*parent) || !uid_valid(*child))
return -EINVAL; return -EINVAL;
...@@ -92,7 +92,7 @@ static ssize_t safesetid_file_write(struct file *file, ...@@ -92,7 +92,7 @@ static ssize_t safesetid_file_write(struct file *file,
kuid_t child; kuid_t child;
int ret; int ret;
if (!ns_capable(current_user_ns(), CAP_MAC_ADMIN)) if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN))
return -EPERM; return -EPERM;
if (*ppos != 0) if (*ppos != 0)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment