Re: [PATCH v2 01/11] coccinelle: Add script to reorder capable() calls

From: Theodore Ts'o
Date: Mon Mar 17 2025 - 23:45:52 EST

On Sun, 02 Mar 2025 17:06:48 +0100, Christian Göttsche wrote:
> capable() calls refer to enabled LSMs whether to permit or deny the
> request. This is relevant in connection with SELinux, where a
> capability check results in a policy decision and by default a denial
> message on insufficient permission is issued.
> It can lead to three undesired cases:
> 1. A denial message is generated, even in case the operation was an
> unprivileged one and thus the syscall succeeded, creating noise.
> 2. To avoid the noise from 1. the policy writer adds a rule to ignore
> those denial messages, hiding future syscalls, where the task
> performs an actual privileged operation, leading to hidden limited
> functionality of that task.
> 3. To avoid the noise from 1. the policy writer adds a rule to permit
> the task the requested capability, while it does not need it,
> violating the principle of least privilege.
>
> [...]

Applied, thanks!

[03/11] ext4: reorder capability check last
commit: 26f5784d44c3f824c864245b506db809b51053cf

Best regards,
--
Theodore Ts'o <tytso@xxxxxxx>
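The reordering the quoted cover letter argues for, as an added C example written for this page (not kernel code and not part of the patch series): a constructed stand-in for capable() records a denial whenever it refuses, the way SELinux issues a denial message by default, and the same operation is shown with the capability check first versus last.

```c
#include <errno.h>
#include <stdbool.h>

/* Constructed stand-in for capable(): the simulated LSM logs every refused
 * check, mirroring an SELinux AVC denial, whether or not the syscall later
 * succeeds. Both globals are hypothetical and exist only for this example. */
static bool task_has_cap_sys_admin = false;
static int denials_logged = 0;

static bool capable_sim(void)
{
    if (task_has_cap_sys_admin)
        return true;
    denials_logged++;   /* audit noise if the caller never needed privilege */
    return false;
}

/* "Before": the capability check runs unconditionally, so a no-op request
 * that is allowed for everyone still produces a denial record (case 1). */
static int set_value_before(int old, int val)
{
    bool privileged = capable_sim();
    if (old == val)     /* unchanged: no privilege was ever required */
        return 0;
    if (!privileged)
        return -EPERM;
    return 0;
}

/* "After": the checks that can settle the request without privilege come
 * first; capable() is consulted only when the operation is actually
 * privileged, so a denial now always corresponds to a real refusal. */
static int set_value_after(int old, int val)
{
    if (old == val)
        return 0;
    if (!capable_sim())
        return -EPERM;
    return 0;
}

/* Run one call and report how many denials it generated plus its result. */
static int denials_for(int (*fn)(int, int), int old, int val, int *ret)
{
    denials_logged = 0;
    *ret = fn(old, val);
    return denials_logged;
}
```

With the unprivileged no-op request, the "before" ordering logs a denial although the call succeeds, which is exactly the noise a policy writer is then tempted to silence or to permit.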