[GIT PULL] sys fixes
From: Christian Brauner
Date: Tue Aug 31 2021 - 06:03:41 EST
Hi Linus,
/* Summary */
This contains a single fix to set_user() which aligns permission checks with
the corresponding fork() codepath. Noone involved in this could come up with a
reason for the difference. A capable caller can already circumvent the check
when they fork where the permission checks are already for the relevant
capabilities in addition to also allowing to exceed nproc when it is the init
user. Apply the same logic to set_user().
(In case any question come up I'll be on vacation next week so responding might
take a while.)
/* Testing */
All patches are based on v5.14-rc5 and have been sitting in linux-next. No
build failures or warnings were observed. All old and new tests are passing.
/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.
The following changes since commit 36a21d51725af2ce0700c6ebcb6b9594aac658a6:
Linux 5.14-rc5 (2021-08-08 13:49:31 -0700)
are available in the Git repository at:
git@xxxxxxxxxxxxxxxxxxx:pub/scm/linux/kernel/git/brauner/linux tags/kernel.sys.v5.15
for you to fetch changes up to 2863643fb8b92291a7e97ba46e342f1163595fa8:
set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds (2021-08-12 14:54:25 +0200)
Please consider pulling these changes from the signed kernel.sys.v5.15 tag.
Thanks!
Christian
----------------------------------------------------------------
kernel.sys.v5.15
----------------------------------------------------------------
Ran Xiaokai (1):
set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds
kernel/sys.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)