Re: [RFC PATCH] sched: do not issue an audit on unprivileged operation


 



On Wed, Sep 2, 2020 at 5:17 PM Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
> On Wed, Sep 2, 2020 at 7:18 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > sched_setattr(2) does via kernel/sched/core.c:__sched_setscheduler()
> > issue a CAP_SYS_NICE audit unconditionally, even when the requested
> > operation does not require that capability.
> >
> > Use an unaudited check first and perform an additional audited check
> > only on an actual permission denial.
>
> Could we just delay calling capable() until we know we need it?

Yes, please - because with this patch it could happen that an LSM
policy changes between the ns_capable_noaudit() call and capable()
call, such that the first one is denied and the second one allowed, in
which case the operation would fail without being audited.

-- 
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
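
The window described in the reply above, modelled in userspace C as an added example (not code from this thread, the patch or the kernel). All function and variable names are hypothetical, and the audited check is assumed to log only denials.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; all names are hypothetical, none is kernel code. */
static bool policy_allows;    /* current LSM decision for the capability */
static bool reload_in_window; /* simulate a policy reload between two checks */
static int audit_records;     /* denials that reached the audit log */

static bool check_noaudit(void) { return policy_allows; } /* logs nothing */

/* Models an audited check: a denial leaves one audit record. */
static bool check_audited(void)
{
    audit_records += !policy_allows;
    return policy_allows;
}

/* Two checks: decide on the unaudited result, re-check only to log. */
static int set_two_checks(bool needs_priv)
{
    if (needs_priv && !check_noaudit()) {
        policy_allows = policy_allows || reload_in_window; /* racing reload */
        check_audited();   /* if now allowed, nothing is logged */
        return -EPERM;     /* the caller is refused either way */
    }
    return 0;
}

/* Deferred: one audited check, made only when privilege is needed. */
static int set_deferred(bool needs_priv)
{
    return (needs_priv && !check_audited()) ? -EPERM : 0;
}

static int run(int (*variant)(bool), bool reload)
{
    policy_allows = false; /* start from a denying policy */
    reload_in_window = reload;
    audit_records = 0;
    return variant(true);  /* one request that needs the privilege */
}

int main(void)
{
    int rc = run(set_two_checks, true);
    printf("two checks: rc=%d audit_records=%d\n", rc, audit_records);
    rc = run(set_deferred, false);
    printf("deferred:   rc=%d audit_records=%d\n", rc, audit_records);
}
```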




