Greg Kroah-Hartman <gre...@linuxfoundation.org> writes: > 4.20-stable review patch. If anyone has any objections, please let me > know.
No objection. But I think of this as a feature addition rather than a fix for something. As a feature that we now allow something we previously did not does this qualify for a backport to stable? It is probably no more harmful in this instance than adding PCI IDs to a driver. So I am not worried. I am curious the current guidelines are. In most cases a small relaxation of permissions like this requires a lot of bug fixing as typically code protected by capable(CAP_XXX) has been written and tested assuming a trusted root user. Those bug fixes are many times too large for a stable backport. Eric > ------------------ > > [ Upstream commit 8da0b4f692c6d90b09c91f271517db746a22ff67 ] > > Access to timerslack_ns is controlled by a process having CAP_SYS_NICE > in its effective capability set, but the current check looks in the root > namespace instead of the process' user namespace. Since a process is > allowed to do other activities controlled by CAP_SYS_NICE inside a > namespace, it should also be able to adjust timerslack_ns. > > Link: http://lkml.kernel.org/r/20181030180012.232896-1-bmgor...@google.com > Signed-off-by: Benjamin Gordon <bmgor...@google.com> > Acked-by: "Eric W. Biederman" <ebied...@xmission.com> > Cc: John Stultz <john.stu...@linaro.org> > Cc: "Eric W. Biederman" <ebied...@xmission.com> > Cc: Kees Cook <keesc...@chromium.org> > Cc: "Serge E. Hallyn" <se...@hallyn.com> > Cc: Thomas Gleixner <t...@linutronix.de> > Cc: Arjan van de Ven <ar...@linux.intel.com> > Cc: Oren Laadan <or...@cellrox.com> > Cc: Ruchi Kandoi <kandoiru...@google.com> > Cc: Rom Lemarchand <rom...@android.com> > Cc: Todd Kjos <tk...@google.com> > Cc: Colin Cross <ccr...@android.com> > Cc: Nick Kralevich <n...@google.com> > Cc: Dmitry Shmidt <dimitr...@google.com> > Cc: Elliott Hughes <e...@google.com> > Cc: Alexey Dobriyan <adobri...@gmail.com> > Signed-off-by: Andrew Morton <a...@linux-foundation.org> > Signed-off-by: Linus Torvalds <torva...@linux-foundation.org> > Signed-off-by: Sasha Levin <sas...@kernel.org> > --- > fs/proc/base.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/fs/proc/base.c b/fs/proc/base.c > index ce3465479447..98525af0953e 100644 > --- a/fs/proc/base.c > +++ b/fs/proc/base.c > @@ -2356,10 +2356,13 @@ static ssize_t timerslack_ns_write(struct file *file, > const char __user *buf, > return -ESRCH; > > if (p != current) { > - if (!capable(CAP_SYS_NICE)) { > + rcu_read_lock(); > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > + rcu_read_unlock(); > count = -EPERM; > goto out; > } > + rcu_read_unlock(); > > err = security_task_setscheduler(p); > if (err) { > @@ -2392,11 +2395,14 @@ static int timerslack_ns_show(struct seq_file *m, > void *v) > return -ESRCH; > > if (p != current) { > - > - if (!capable(CAP_SYS_NICE)) { > + rcu_read_lock(); > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > + rcu_read_unlock(); > err = -EPERM; > goto out; > } > + rcu_read_unlock(); > + > err = security_task_getscheduler(p); > if (err) > goto out;
