diff options
author | Christian Göttsche <cgzones@googlemail.com> | 2023-05-11 15:32:52 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-09-19 13:20:05 +0300 |
commit | 654e3d27791cc179a0a6b0657b9a182b66447a7e (patch) | |
tree | 7c857b9f73ead1f63716815547d40abe2d2ba259 /security/inode.c | |
parent | b23cbd3c2518df8ff50367c98356577b59d730f3 (diff) | |
download | linux-654e3d27791cc179a0a6b0657b9a182b66447a7e.tar.xz |
security: keys: perform capable check only on privileged operations
[ Upstream commit 2d7f105edbb3b2be5ffa4d833abbf9b6965e9ce7 ]
If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.
Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'security/inode.c')
0 files changed, 0 insertions, 0 deletions