LSM: SafeSetID: fix userns handling in securityfs (71a98971) · Commits · 戴 / test

Looking at current_cred() in write handlers is bad form, stop doing that. Also, let's just require that the write is coming from the initial user namespace. Especially SAFESETID_WHITELIST_FLUSH requires privilege over all namespaces, and SAFESETID_WHITELIST_ADD should probably require it as well. Signed-off-by:

Jann Horn <jannh@google.com> Signed-off-by:

Micah Morton <mortonm@chromium.org>

security/safesetid/securityfs.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -59,8 +59,8 @@ static int parse_policy_line(
		if (ret)
		return ret;

		*parent = make_kuid(current_user_ns(), parsed_parent);
		*child = make_kuid(current_user_ns(), parsed_child);
		*parent = make_kuid(file->f_cred->user_ns, parsed_parent);
		*child = make_kuid(file->f_cred->user_ns, parsed_child);
		if (!uid_valid(parent) \|\| !uid_valid(child))
		return -EINVAL;

		@@ -92,7 +92,7 @@ static ssize_t safesetid_file_write(struct file *file,
		kuid_t child;
		int ret;

		if (!ns_capable(current_user_ns(), CAP_MAC_ADMIN))
		if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN))
		return -EPERM;

		if (*ppos != 0)

Admin message