On Tue, Sep 8, 2020 at 12:26 PM <peterz@xxxxxxxxxxxxx> wrote:
> On Fri, Sep 04, 2020 at 06:00:31PM +0200, Christian Göttsche wrote:
> > sched_setattr(2) does via kernel/sched/core.c:__sched_setscheduler()
> > issue a CAP_SYS_NICE audit event unconditionally, even when the requested
> > operation does not require that capability / is un-privileged.
> >
> > Perform privileged/unprivileged categorization first and perform a
> > capable test only if needed.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> > ---
> >  kernel/sched/core.c | 65 ++++++++++++++++++++++++++++++++-------------
> >  1 file changed, 47 insertions(+), 18 deletions(-)
>
> So who sodding cares about audit, and why is that a reason to make a
> trainwreck of code?

The commit message should be more specific. I believe Christian is talking
about the case where SELinux or other LSM denies the capability, in which
case the denial is usually logged to the audit log. Obviously, we don't want
to get a denial logged when the capability wasn't actually required for the
operation to be allowed.

Unfortunately, the capability interface doesn't provide a way to first get
the decision value and only trigger the auditing when it was actually used
in the decision, so in complex scenarios like this the caller needs to jump
through some hoops to avoid such false-positive denial records.

--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
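As an added illustration of the ordering problem discussed in this thread (not Christian's patch and not kernel code), the C model below reduces the privileged/unprivileged split to one assumed rule and counts how many denial records a capable() stand-in leaves behind under each check ordering:

```c
/* Simplified model of the check ordering discussed above, not kernel code: the
 * unprivileged rule is an assumption ("keep SCHED_NORMAL, do not raise prio"). */
#include <errno.h>
#include <stdbool.h>

enum { SCHED_NORMAL = 0, SCHED_FIFO = 1 };
struct task { int policy; int prio; bool has_cap_sys_nice; };
struct attr { int policy; int prio; };

static int audit_denials; /* denial records the modelled LSM would have logged */

/* Stand-in for capable(CAP_SYS_NICE): a refusal is audited, as under SELinux. */
static bool capable_sys_nice(const struct task *t)
{
    if (!t->has_cap_sys_nice)
        audit_denials++;
    return t->has_cap_sys_nice;
}

/* Assumed rule for what an unprivileged caller may do. */
static bool request_is_unprivileged(const struct task *t, const struct attr *a)
{
    return a->policy == SCHED_NORMAL && a->prio <= t->prio;
}

/* Ordering the patch complains about: capable() is consulted first, so an
 * allowed unprivileged change still leaves a denial record behind. */
static int setscheduler_capable_first(const struct task *t, const struct attr *a)
{
    if (!capable_sys_nice(t) && !request_is_unprivileged(t, a))
        return -EPERM;
    return 0;
}

/* Ordering the patch proposes: categorize first, call capable() only if needed. */
static int setscheduler_categorize_first(const struct task *t, const struct attr *a)
{
    if (request_is_unprivileged(t, a))
        return 0;
    return capable_sys_nice(t) ? 0 : -EPERM;
}

/* Run one request (caller at prio 10) through the given ordering; return the
 * number of denials logged, or -1 if the request was refused. */
static int denials_for(int (*fn)(const struct task *, const struct attr *),
                       bool caller_has_cap, int req_policy, int req_prio)
{
    struct task t = { SCHED_NORMAL, 10, caller_has_cap };
    struct attr a = { req_policy, req_prio };
    audit_denials = 0;
    return fn(&t, &a) == 0 ? audit_denials : -1;
}
```

For the same allowed, unprivileged request the capable-first ordering logs one denial and the categorize-first ordering logs none; genuinely privileged requests are refused or audited identically under both.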