On Mon, Feb 11, 2019 at 07:02:06PM -0600, Eric W. Biederman wrote: > Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> writes: > > > 4.20-stable review patch. If anyone has any objections, please let me > > know. > > No objection. But I think of this as a feature addition rather than a > fix for something. As a feature that we now allow something we > previously did not does this qualify for a backport to stable? Hi, I had the exact same thought when I saw this this morning, and was planning on replying tonight. > It is probably no more harmful in this instance than adding PCI IDs to a > driver. So I am not worried. I am curious the current guidelines > are. > > In most cases a small relaxation of permissions like this requires a lot > of bug fixing as typically code protected by capable(CAP_XXX) has been > written and tested assuming a trusted root user. Those bug fixes are > many times too large for a stable backport. > > Eric > > > > ------------------ > > > > [ Upstream commit 8da0b4f692c6d90b09c91f271517db746a22ff67 ] > > > > Access to timerslack_ns is controlled by a process having CAP_SYS_NICE > > in its effective capability set, but the current check looks in the root > > namespace instead of the process' user namespace. Since a process is > > allowed to do other activities controlled by CAP_SYS_NICE inside a > > namespace, it should also be able to adjust timerslack_ns. > > > > Link: http://lkml.kernel.org/r/20181030180012.232896-1-bmgordon@xxxxxxxxxx > > Signed-off-by: Benjamin Gordon <bmgordon@xxxxxxxxxx> > > Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > > Cc: John Stultz <john.stultz@xxxxxxxxxx> > > Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > > Cc: Kees Cook <keescook@xxxxxxxxxxxx> > > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> > > Cc: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx> > > Cc: Oren Laadan <orenl@xxxxxxxxxxx> > > Cc: Ruchi Kandoi <kandoiruchi@xxxxxxxxxx> > > Cc: Rom Lemarchand <romlem@xxxxxxxxxxx> > > Cc: Todd Kjos <tkjos@xxxxxxxxxx> > > Cc: Colin Cross <ccross@xxxxxxxxxxx> > > Cc: Nick Kralevich <nnk@xxxxxxxxxx> > > Cc: Dmitry Shmidt <dimitrysh@xxxxxxxxxx> > > Cc: Elliott Hughes <enh@xxxxxxxxxx> > > Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx> > > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > > Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> > > --- > > fs/proc/base.c | 12 +++++++++--- > > 1 file changed, 9 insertions(+), 3 deletions(-) > > > > diff --git a/fs/proc/base.c b/fs/proc/base.c > > index ce3465479447..98525af0953e 100644 > > --- a/fs/proc/base.c > > +++ b/fs/proc/base.c > > @@ -2356,10 +2356,13 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf, > > return -ESRCH; > > > > if (p != current) { > > - if (!capable(CAP_SYS_NICE)) { > > + rcu_read_lock(); > > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > > + rcu_read_unlock(); > > count = -EPERM; > > goto out; > > } > > + rcu_read_unlock(); > > > > err = security_task_setscheduler(p); > > if (err) { > > @@ -2392,11 +2395,14 @@ static int timerslack_ns_show(struct seq_file *m, void *v) > > return -ESRCH; > > > > if (p != current) { > > - > > - if (!capable(CAP_SYS_NICE)) { > > + rcu_read_lock(); > > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > > + rcu_read_unlock(); > > err = -EPERM; > > goto out; > > } > > + rcu_read_unlock(); > > + > > err = security_task_getscheduler(p); > > if (err) > > goto out;
