On Fri, Aug 10, 2018 at 09:09:31AM -0700, Darrick J. Wong wrote:
> On Fri, Aug 10, 2018 at 12:22:29PM +0300, Dan Carpenter wrote:
> > Hi XFS devs,
> >
> > We received this email on security@xxxxxxxxxx. This is under
> > CAP_SYS_ADMIN, but it maybe should also check with selinux?
>
> Hmm, so the point of adding a security_inode_readlink call would be to
> restrict userland access xfs_readlink_by_handle further in case the
> system has a policy whereby even possessing CAP_SYS_ADMIN is not by
> itself sufficient to be able to read a symlink?
>
> IOWs, are there security policies where CAP_SYS_ADMIN isn't a "get
> access to everything" wildcard? I imagine the answer is "yes" and
> therefore xfs needs the call, but I thought I'd ask first.
>

Yeah... Forget about it. I pushed this out to you without really
thinking about it, just to get it off my todo list and that wasn't the
right thing.

regards,
dan carpenter