averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-04-03 12:05:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2eff9d3537b8bcf7cf3d07a3176ec070c19d1643
linux-stable-mirror/kernel
History
Ondrej Mosnacek 530d1ecd36 ucount: check for CAP_SYS_RESOURCE using ns_capable_noaudit() 
[ Upstream commit 0895a000e4 ]

The user.* sysctls implement the ctl_table_root::permissions hook and they
override the file access mode based on the CAP_SYS_RESOURCE capability (at
most rwx if capable, at most r-- if not).  The capability is being checked
unconditionally, so if an LSM denies the capability, an audit record may
be logged even when access is in fact granted.

Given the logic in the set_permissions() function in kernel/ucount.c and
the unfortunate way the permission checking is implemented, it doesn't
seem viable to avoid false positive denials by deferring the capability
check.  Thus, do the same as in net_ctl_permissions() (net/sysctl_net.c) -
switch from ns_capable() to ns_capable_noaudit(), so that the check never
logs an audit record.

Link: https://lkml.kernel.org/r/20260122140745.239428-1-omosnace@redhat.com
Fixes: dbec28460a ("userns: Add per user namespace sysctls.")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Alexey Gladkov <legion@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2026-03-04 07:20:08 -05:00
..
bpf
bpf: Preserve id of register in sync_linked_regs()
2026-03-04 07:19:34 -05:00
cgroup
cpuset: Fix missing adaptation for cpuset_is_populated
2026-02-19 16:29:55 +01:00
configs
debug
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
dma
dma/pool: distinguish between missing and exhausted atomic pools
2026-02-06 16:55:44 +01:00
entry
events
perf: sched: Fix perf crash with new is_user_task() helper
2026-02-06 16:55:50 +01:00
futex
futex: Don't leak robust_list pointer on exec race
2025-11-13 15:34:06 -05:00
gcov
gcov: add support for GCC 15
2025-11-24 10:35:59 +01:00
irq
genirq/irq_sim: Initialize work context pointers properly
2025-07-10 16:05:07 +02:00
kcsan
kcsan: test: Initialize dummy variable
2025-08-15 12:13:46 +02:00
livepatch
livepatch: Match old_sympos 0 and 1 in klp_find_func()
2026-01-08 10:13:56 +01:00
locking
locktorture: Fix memory leak in param_set_cpumask()
2025-12-18 13:54:54 +01:00
module
module: add helper function for reading module_buildid()
2026-03-04 07:20:02 -05:00
power
PM: hibernate: Use atomic64_t for compressed_size variable
2025-11-24 10:36:03 +01:00
printk
printk: nbcon: Allow reacquire during panic
2025-08-20 18:30:47 +02:00
rcu
rcu: Fix rcu_read_unlock() deadloop due to softirq
2026-03-04 07:19:21 -05:00
sched
sched/rt: Skip currently executing CPU in rto_next_cpu()
2026-03-04 07:19:40 -05:00
time
hrtimer: Fix trace oddity
2026-03-04 07:19:34 -05:00
trace
kallsyms/ftrace: set module buildid in ftrace_mod_address_lookup()
2026-03-04 07:20:02 -05:00
.gitignore
acct.c
acct: block access to kernel internal filesystems
2025-02-27 04:30:23 -08:00
async.c
audit_fsnotify.c
audit_tree.c
audit_watch.c
audit.c
audit.h
audit,module: restore audit logging in load failure case
2025-08-15 12:13:31 +02:00
auditfilter.c
auditsc.c
audit,module: restore audit logging in load failure case
2025-08-15 12:13:31 +02:00
backtracetest.c
bounds.c
capability.c
cfi.c
compat.c
configs.c
context_tracking.c
cpu_pm.c
cpu.c
watchdog/hardlockup/perf: Fix perf_event memory leak
2025-04-10 14:39:11 +02:00
crash_core.c
crash: fix crashkernel resource shrink
2025-11-24 10:36:01 +01:00
crash_reserve.c
cred.c
delayacct.c
dma.c
elfcorehdr.c
exec_domain.c
exit.c
perf: Fix sample vs do_exit()
2025-06-27 11:11:45 +01:00
exit.h
extable.c
fail_function.c
fork.c
copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64)
2025-10-19 16:33:48 +02:00
freezer.c
sched,freezer: Remove unnecessary warning in __thaw_task
2025-07-24 08:56:37 +02:00
gen_kheaders.sh
kheaders: Ignore silly-rename files
2025-01-23 17:22:55 +01:00
groups.c
hung_task.c
iomem.c
irq_work.c
jump_label.c
jump_label: Fix static_key_slow_dec() yet again
2024-09-10 11:57:27 +02:00
kallsyms_internal.h
kallsyms_selftest.c
kallsyms_selftest.h
kallsyms.c
kallsyms/ftrace: set module buildid in ftrace_mod_address_lookup()
2026-03-04 07:20:02 -05:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.kexec
crash, powerpc: default to CRASH_DUMP=n on PPC_BOOK3S_32
2024-11-14 22:43:48 -08:00
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: mark in_softirq_really() as __always_inline
2025-01-09 13:33:49 +01:00
kexec_core.c
kexec_elf.c
kexec: initialize ELF lowest address to ULONG_MAX
2025-04-10 14:39:24 +02:00
kexec_file.c
kexec_internal.h
kexec.c
kheaders.c
kprobes.c
ksyms_common.c
ksysfs.c
kthread.c
kthread: unpark only parked kthread
2024-10-09 12:47:19 -07:00
latencytop.c
Makefile
module_signature.c
notifier.c
nsproxy.c
padata.c
padata: Reset next CPU when reorder sequence wraps around
2025-10-23 16:20:42 +02:00
panic.c
objtool, panic: Disable SMAP in __stack_chk_fail()
2025-05-02 07:59:19 +02:00
params.c
module: ensure that kobject_put() is safe for module type kobjects
2025-05-18 08:24:54 +02:00
pid_namespace.c
pid_sysctl.h
pid.c
pid: Add a judgment for ns null in pid_nr_ns
2025-10-19 16:34:05 +02:00
profile.c
ptrace.c
range.c
reboot.c
Flush console log from kernel_power_off()
2025-04-20 10:15:12 +02:00
regset.c
relay.c
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
resource_kunit.c
resource, kunit: fix user-after-free in resource_test_region_intersects()
2024-10-09 12:47:19 -07:00
resource.c
Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()"
2025-12-18 13:55:11 +01:00
rseq.c
rseq: Protect event mask against membarrier IPI
2025-10-19 16:33:34 +02:00
scftorture.c
scs.c
scs: fix a wrong parameter in __scs_magic
2026-01-08 10:14:21 +01:00
seccomp.c
seccomp: passthrough uprobe systemcall without filtering
2025-11-02 22:15:20 +09:00
signal.c
pidfs: improve multi-threaded exec and premature thread-group leader exit polling
2025-05-29 11:02:09 +02:00
smp.c
smp: Fix up and expand the smp_call_function_many() kerneldoc
2025-10-15 12:00:02 +02:00
smpboot.c
smpboot.h
softirq.c
lockdep: Fix wait context check on softirq for PREEMPT_RT
2025-05-29 11:02:08 +02:00
stackleak.c
stacktrace.c
static_call_inline.c
x86/static-call: provide a way to do very early static-call updates
2024-12-19 18:13:23 +01:00
static_call.c
stop_machine.c
sched/core: Fix migrate_swap() vs. hotplug
2025-07-17 18:37:03 +02:00
sys_ni.c
sys.c
kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths
2025-10-19 16:33:51 +02:00
sysctl-test.c
sysctl.c
task_work.c
task_work: Fix NMI race condition
2025-12-18 13:54:50 +01:00
taskstats.c
torture.c
tracepoint.c
tracepoint: Support iterating tracepoints in a loading module
2024-09-25 23:23:44 +09:00
tsacct.c
ucount.c
ucount: check for CAP_SYS_RESOURCE using ns_capable_noaudit()
2026-03-04 07:20:08 -05:00
uid16.c
uid16.h
umh.c
up.c
user_namespace.c
user_namespace: use kmemdup_array() instead of kmemdup() for multiple allocation
2024-09-09 16:47:42 -07:00
user-return-notifier.c
user.c
uidgid: make sure we fit into one cacheline
2024-09-12 12:16:09 +02:00
usermode_driver.c
utsname_sysctl.c
utsname.c
vhost_task.c
vhost: Take a reference on the task in struct vhost_task.
2025-10-02 13:44:10 +02:00
vmcore_info.c
watch_queue.c
watch_queue: fix pipe accounting mismatch
2025-04-10 14:39:10 +02:00
watchdog_buddy.c
watchdog_perf.c
watchdog/hardlockup/perf: Fix perf_event memory leak
2025-04-10 14:39:11 +02:00
watchdog.c
watchdog: fix watchdog may detect false positive of softlockup
2025-06-27 11:11:22 +01:00
workqueue_internal.h
workqueue.c
workqueue: Process rescuer work items one-by-one using a cursor
2026-03-04 07:19:49 -05:00