archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-13 23:46:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/include
History
Ondrej Mosnacek 8924336531 ipc: don't audit capability check in ipc_permissions() 
The IPC sysctls implement the ctl_table_root::permissions hook and they
override the file access mode based on the CAP_CHECKPOINT_RESTORE
capability, which is being checked regardless of whether any access is
actually denied or not, so if an LSM denies the capability, an audit
record may be logged even when access is in fact granted.

It wouldn't be viable to restructure the sysctl permission logic to only
check the capability when the access would be actually denied if it's not
granted.  Thus, do the same as in net_ctl_permissions() (net/sysctl_net.c)
- switch from ns_capable() to ns_capable_noaudit(), so that the check
never emits an audit record.

Link: https://lkml.kernel.org/r/20260122141303.241133-1-omosnace@redhat.com
Fixes: 0889f44e28 ("ipc: Check permissions for checkpoint_restart sysctls at open time")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Alexey Gladkov <legion@kernel.org>
Acked-by: Serge Hallyn <serge@hallyn.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2026-01-31 16:16:07 -08:00
..
acpi ACPI: PCI: IRQ: Fix INTx GSIs signedness 2026-01-05 19:06:40 +01:00
asm-generic atomic: specify alignment for atomic_t and atomic64_t 2026-01-26 19:07:14 -08:00
clocksource
crypto This update includes the following changes: 2025-12-03 11:28:38 -08:00
cxl
drm drm-misc-fixes for v6.19-rc6: 2026-01-16 20:27:21 +01:00
dt-bindings This pull request is entirely SoC clk drivers, not for lack of trying to modify 2025-12-08 09:38:52 +09:00
hyperv hyperv: Avoid -Wflex-array-member-not-at-end warning 2025-12-18 19:42:01 +00:00
keys
kunit kunit: Enforce task execution in {soft,hard}irq contexts 2025-12-22 12:20:08 -08:00
kvm
linux ipc: don't audit capability check in ipc_permissions() 2026-01-31 16:16:07 -08:00
math-emu
media
memory
misc
net net: add net.core.qdisc_max_burst 2026-01-13 10:12:11 +01:00
pcmcia
ras Significant patch series in this merge are as follows: 2025-12-05 13:52:43 -08:00
rdma
rv rv: Fix compilation if !CONFIG_RV_REACTORS 2025-12-02 12:33:37 -05:00
scsi scsi: core: Fix error handler encryption support 2026-01-04 15:16:20 -05:00
soc This pull request is entirely SoC clk drivers, not for lack of trying to modify 2025-12-08 09:38:52 +09:00
sound ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer 2026-01-08 08:07:54 +01:00
target
trace nfsd-6.19 fixes: 2026-01-06 09:12:52 -08:00
uapi delayacct: add timestamp of delay max 2026-01-31 16:16:06 -08:00
ufs
vdso
video
xen
Kbuild