Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> writes: > 4.20-stable review patch. If anyone has any objections, please let me > know. No objection. But I think of this as a feature addition rather than a fix for something. As a feature that we now allow something we previously did not does this qualify for a backport to stable? It is probably no more harmful in this instance than adding PCI IDs to a driver. So I am not worried. I am curious the current guidelines are. In most cases a small relaxation of permissions like this requires a lot of bug fixing as typically code protected by capable(CAP_XXX) has been written and tested assuming a trusted root user. Those bug fixes are many times too large for a stable backport. Eric > ------------------ > > [ Upstream commit 8da0b4f692c6d90b09c91f271517db746a22ff67 ] > > Access to timerslack_ns is controlled by a process having CAP_SYS_NICE > in its effective capability set, but the current check looks in the root > namespace instead of the process' user namespace. Since a process is > allowed to do other activities controlled by CAP_SYS_NICE inside a > namespace, it should also be able to adjust timerslack_ns. > > Link: http://lkml.kernel.org/r/20181030180012.232896-1-bmgordon@xxxxxxxxxx > Signed-off-by: Benjamin Gordon <bmgordon@xxxxxxxxxx> > Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > Cc: John Stultz <john.stultz@xxxxxxxxxx> > Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > Cc: Kees Cook <keescook@xxxxxxxxxxxx> > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> > Cc: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx> > Cc: Oren Laadan <orenl@xxxxxxxxxxx> > Cc: Ruchi Kandoi <kandoiruchi@xxxxxxxxxx> > Cc: Rom Lemarchand <romlem@xxxxxxxxxxx> > Cc: Todd Kjos <tkjos@xxxxxxxxxx> > Cc: Colin Cross <ccross@xxxxxxxxxxx> > Cc: Nick Kralevich <nnk@xxxxxxxxxx> > Cc: Dmitry Shmidt <dimitrysh@xxxxxxxxxx> > Cc: Elliott Hughes <enh@xxxxxxxxxx> > Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx> > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> > --- > fs/proc/base.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/fs/proc/base.c b/fs/proc/base.c > index ce3465479447..98525af0953e 100644 > --- a/fs/proc/base.c > +++ b/fs/proc/base.c > @@ -2356,10 +2356,13 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf, > return -ESRCH; > > if (p != current) { > - if (!capable(CAP_SYS_NICE)) { > + rcu_read_lock(); > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > + rcu_read_unlock(); > count = -EPERM; > goto out; > } > + rcu_read_unlock(); > > err = security_task_setscheduler(p); > if (err) { > @@ -2392,11 +2395,14 @@ static int timerslack_ns_show(struct seq_file *m, void *v) > return -ESRCH; > > if (p != current) { > - > - if (!capable(CAP_SYS_NICE)) { > + rcu_read_lock(); > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > + rcu_read_unlock(); > err = -EPERM; > goto out; > } > + rcu_read_unlock(); > + > err = security_task_getscheduler(p); > if (err) > goto out;
