Re: [RFC][PATCH 1/2 v2] proc: Relax /proc/<tid>/timerslack_ns capability requirements

From: John Stultz
Date: Fri Jul 15 2016 - 16:03:19 EST


On Fri, Jul 15, 2016 at 12:55 PM, Nick Kralevich <nnk@xxxxxxxxxx> wrote:
> On Fri, Jul 15, 2016 at 10:24 AM, John Stultz <john.stultz@xxxxxxxxxx> wrote:
>> + if (!capable(CAP_SYS_NICE))
>> + return -EPERM;
>> +
>> p = get_proc_task(inode);
>> if (!p)
>> return -ESRCH;
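
Review bot: the capable(CAP_SYS_NICE) test sits ahead of get_proc_task(inode), so a caller without the capability gets -EPERM even when the task is already gone and -ESRCH would be the accurate answer. If the check moves below the lookup, the -EPERM path must release the reference that get_proc_task() took, with put_task_struct(p), before returning. capable() also evaluates only the calling task, so nothing in these lines ties the permission to the target task p.
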
>
> The capable(CAP_SYS_NICE) permission check should be moved to this
> point, since it doesn't make sense to return EPERM if the task
> structure doesn't exist.

Ok. Will move it.

>> @@ -2300,22 +2300,21 @@ static int timerslack_ns_show(struct seq_file *m, void *v)
>> {
>> struct inode *inode = m->private;
>> struct task_struct *p;
>> - int err = 0;
>> +
>> + if (!capable(CAP_SYS_NICE))
>> + return -EPERM;
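
Review bot: at the top of timerslack_ns_show() the capability check runs before p is assigned, which repeats the -EPERM versus -ESRCH ordering problem of the write side; if it moves after the lookup, the failure path needs a put_task_struct(p). Since this is a seq_file show callback, the check is evaluated against whichever task calls read(), not the task that opened the file. The hunk also drops `int err = 0;`, so any remaining use of err further down the function has to go in the same patch.
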
>
> This should also have a similar LSM check for reads. For the SELinux
> implementation, this can map to the PROCESS__GETSCHED permission.

Ok. I'll wire that in as well.

Would adding both selinux_task_get and set methods in the same patch
be ok? Or would folks prefer they be split into two?

Thanks for the feedback!
-john