On Mon, Feb 11, 2019 at 07:02:06PM -0600, Eric W. Biederman wrote: > Greg Kroah-Hartman <gre...@linuxfoundation.org> writes: > > > 4.20-stable review patch. If anyone has any objections, please let me > > know. > > No objection. But I think of this as a feature addition rather than a > fix for something. As a feature that we now allow something we > previously did not does this qualify for a backport to stable?
Hi, I had the exact same thought when I saw this this morning, and was planning on replying tonight. > It is probably no more harmful in this instance than adding PCI IDs to a > driver. So I am not worried. I am curious the current guidelines > are. > > In most cases a small relaxation of permissions like this requires a lot > of bug fixing as typically code protected by capable(CAP_XXX) has been > written and tested assuming a trusted root user. Those bug fixes are > many times too large for a stable backport. > > Eric > > > > ------------------ > > > > [ Upstream commit 8da0b4f692c6d90b09c91f271517db746a22ff67 ] > > > > Access to timerslack_ns is controlled by a process having CAP_SYS_NICE > > in its effective capability set, but the current check looks in the root > > namespace instead of the process' user namespace. Since a process is > > allowed to do other activities controlled by CAP_SYS_NICE inside a > > namespace, it should also be able to adjust timerslack_ns. > > > > Link: http://lkml.kernel.org/r/20181030180012.232896-1-bmgor...@google.com > > Signed-off-by: Benjamin Gordon <bmgor...@google.com> > > Acked-by: "Eric W. Biederman" <ebied...@xmission.com> > > Cc: John Stultz <john.stu...@linaro.org> > > Cc: "Eric W. Biederman" <ebied...@xmission.com> > > Cc: Kees Cook <keesc...@chromium.org> > > Cc: "Serge E. Hallyn" <se...@hallyn.com> > > Cc: Thomas Gleixner <t...@linutronix.de> > > Cc: Arjan van de Ven <ar...@linux.intel.com> > > Cc: Oren Laadan <or...@cellrox.com> > > Cc: Ruchi Kandoi <kandoiru...@google.com> > > Cc: Rom Lemarchand <rom...@android.com> > > Cc: Todd Kjos <tk...@google.com> > > Cc: Colin Cross <ccr...@android.com> > > Cc: Nick Kralevich <n...@google.com> > > Cc: Dmitry Shmidt <dimitr...@google.com> > > Cc: Elliott Hughes <e...@google.com> > > Cc: Alexey Dobriyan <adobri...@gmail.com> > > Signed-off-by: Andrew Morton <a...@linux-foundation.org> > > Signed-off-by: Linus Torvalds <torva...@linux-foundation.org> > > Signed-off-by: Sasha Levin <sas...@kernel.org> > > --- > > fs/proc/base.c | 12 +++++++++--- > > 1 file changed, 9 insertions(+), 3 deletions(-) > > > > diff --git a/fs/proc/base.c b/fs/proc/base.c > > index ce3465479447..98525af0953e 100644 > > --- a/fs/proc/base.c > > +++ b/fs/proc/base.c > > @@ -2356,10 +2356,13 @@ static ssize_t timerslack_ns_write(struct file > > *file, const char __user *buf, > > return -ESRCH; > > > > if (p != current) { > > - if (!capable(CAP_SYS_NICE)) { > > + rcu_read_lock(); > > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > > + rcu_read_unlock(); > > count = -EPERM; > > goto out; > > } > > + rcu_read_unlock(); > > > > err = security_task_setscheduler(p); > > if (err) { > > @@ -2392,11 +2395,14 @@ static int timerslack_ns_show(struct seq_file *m, > > void *v) > > return -ESRCH; > > > > if (p != current) { > > - > > - if (!capable(CAP_SYS_NICE)) { > > + rcu_read_lock(); > > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > > + rcu_read_unlock(); > > err = -EPERM; > > goto out; > > } > > + rcu_read_unlock(); > > + > > err = security_task_getscheduler(p); > > if (err) > > goto out;