Re: [PATCH v1 2/2] seccomp: Set PF_SUPERPRIV when checking capability

From: Jann Horn
Date: Fri Oct 30 2020 - 11:34:34 EST

Next message: Rob Herring: "Re: [PATCH v3 1/2] dt-bindings: can: add can-controller.yaml"
Previous message: Jakub Kicinski: "Re: [PATCH net-next] net: phy: realtek: Add support for RTL8221B-CG series"
In reply to: Mickaël Salaün: "[PATCH v1 2/2] seccomp: Set PF_SUPERPRIV when checking capability"
Next in thread: Mickaël Salaün: "[PATCH v1 1/2] ptrace: Set PF_SUPERPRIV when checking capability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 30, 2020 at 1:39 PM Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
> Replace the use of security_capable(current_cred(), ...) with
> ns_capable_noaudit() which set PF_SUPERPRIV.
>
> Since commit 98f368e9e263 ("kernel: Add noaudit variant of
> ns_capable()"), a new ns_capable_noaudit() helper is available. Let's
> use it!
>
> Cc: Jann Horn <jannh@xxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxxx>
> Cc: Will Drewry <wad@xxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: e2cfabdfd075 ("seccomp: add system call filtering using BPF")
> Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>

Reviewed-by: Jann Horn <jannh@xxxxxxxxxx>

Next message: Rob Herring: "Re: [PATCH v3 1/2] dt-bindings: can: add can-controller.yaml"
Previous message: Jakub Kicinski: "Re: [PATCH net-next] net: phy: realtek: Add support for RTL8221B-CG series"
In reply to: Mickaël Salaün: "[PATCH v1 2/2] seccomp: Set PF_SUPERPRIV when checking capability"
Next in thread: Mickaël Salaün: "[PATCH v1 1/2] ptrace: Set PF_SUPERPRIV when checking capability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]