Re: [PATCH 4/9][cr][v2]: Restore file_owner info

Quoting Matt Helsley (matthltc@xxxxxxxxxx):
> For reference, here's sigio_perm():
> 
> static inline int sigio_perm(struct task_struct *p,
>                              struct fown_struct *fown, int sig)
> { 
>         const struct cred *cred;
>         int ret;
> 
>         rcu_read_lock();
>         cred = __task_cred(p);
>         ret = ((fown->euid == 0 ||
>                 fown->euid == cred->suid || fown->euid == cred->uid ||
>                 fown->uid  == cred->suid || fown->uid  == cred->uid) &&
>                !security_file_send_sigiotask(p, fown, sig));
>         rcu_read_unlock();
>         return ret;
> }
> 
> [ My Notes: unlike check_kill_permission() it does not check CAP_KILL.

Right, that's because we don't store capabilities in the fown_struct.
So fown->euid==0 is all we can do.  Since this can be called from
interrupt, current is not useful.

> Also check_kill_permission() calls audit as if the signal is about to be
> delivered but sigio_perm() does not. ]

-serge