Message ID | 20220325150419.944556173@linuxfoundation.org |
---|---|
State | New |
Headers | From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>; To: linux-kernel@vger.kernel.org; Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Michal Koutný <mkoutny@suse.com>, "Masami Ichikawa(CIP)" <masami.ichikawa@cybertrust.co.jp>, Tejun Heo <tj@kernel.org>; Subject: [PATCH 5.10 06/38] cgroup-v1: Correct privileges check in release_agent writes; Date: Fri, 25 Mar 2022 16:04:50 +0100; In-Reply-To: <20220325150419.757836392@linuxfoundation.org> |
Series | None |
--- a/kernel/cgroup/cgroup-v1.c +++ b/kernel/cgroup/cgroup-v1.c @@ -544,6 +544,7 @@ static ssize_t cgroup_release_agent_writ char *buf, size_t nbytes, loff_t off) { struct cgroup *cgrp; + struct cgroup_file_ctx *ctx; BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX); @@ -551,8 +552,9 @@ static ssize_t cgroup_release_agent_writ * Release agent gets called with all capabilities, * require capabilities to set release agent. */ - if ((of->file->f_cred->user_ns != &init_user_ns) || - !capable(CAP_SYS_ADMIN)) + ctx = of->priv; + if ((ctx->ns->user_ns != &init_user_ns) || + !file_ns_capable(of->file, &init_user_ns, CAP_SYS_ADMIN)) return -EPERM; cgrp = cgroup_kn_lock_live(of->kn, false);
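Review bot: In the second hunk, the comment above the check ("Release agent gets called with all capabilities, require capabilities to set release agent.") is left unchanged although the subject of the check has changed: the namespace now comes from `ctx->ns->user_ns` and the capability test is `file_ns_capable(of->file, &init_user_ns, CAP_SYS_ADMIN)` rather than `capable(CAP_SYS_ADMIN)`, so the decision is tied to the open file and its context instead of the task performing the write. Please extend the comment to state that, and why both conditions are required. Also, `ctx = of->priv` is dereferenced immediately as `ctx->ns->user_ns`, and nothing in these lines shows where `of->priv` and `ctx->ns` are set for this file; a short mention of the open path that populates them, in the comment or the changelog, would help anyone checking this backport against the 5.10 tree.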