author: Christian Göttsche <cgzones@googlemail.com> 2023-05-11 15:32:52 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-09-19 13:20:05 +0300
commit: 654e3d27791cc179a0a6b0657b9a182b66447a7e
tree: 7c857b9f73ead1f63716815547d40abe2d2ba259 /security/inode.c
parent: b23cbd3c2518df8ff50367c98356577b59d730f3
security: keys: perform capable check only on privileged operations
[ Upstream commit 2d7f105edbb3b2be5ffa4d833abbf9b6965e9ce7 ]

If the current task fails the check for the queried capability via `capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message. Issuing such denial messages unnecessarily can lead to a policy author granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'security/inode.c')
0 files changed, 0 insertions, 0 deletions
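
The reordering the commit message describes, modelled in user space as an added example (not the kernel's code and not part of this commit). `model_capable`, `check_cap_first`, `check_priv_first` and the sample batch are hypothetical names and constructed data; the denial counter stands in for the LSM's denial messages.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: every name below is hypothetical, not kernel code. */
static bool task_has_cap;       /* does the modelled task hold the capability? */
static unsigned audit_denials;  /* denial records the modelled LSM has logged */
static unsigned rejected;       /* requests refused in the most recent batch */

/* Stand-in for capable(): a failed query logs a denial as a side effect. */
static bool model_capable(void)
{
	if (!task_has_cap)
		audit_denials++;
	return task_has_cap;
}

/* Constructed sample batch: true means the request really needs privilege. */
static const bool needs_priv[] = { false, false, false, true };
#define NREQ (sizeof(needs_priv) / sizeof(needs_priv[0]))

/* Ordering described as the problem: the capability is queried every time. */
static int check_cap_first(bool privileged)
{
	return (!model_capable() && privileged) ? -1 : 0;
}

/* Reordered: short-circuit so the query only runs for privileged requests. */
static int check_priv_first(bool privileged)
{
	return (privileged && !model_capable()) ? -1 : 0;
}

/* Run the batch through one checker and return the denials it logged. */
static unsigned run_batch(int (*check)(bool))
{
	audit_denials = 0;
	rejected = 0;
	for (size_t i = 0; i < NREQ; i++)
		if (check(needs_priv[i]) != 0)
			rejected++;
	return audit_denials;
}

int main(void)
{
	unsigned d_old = run_batch(check_cap_first), r_old = rejected;
	unsigned d_new = run_batch(check_priv_first), r_new = rejected;
	printf("cap first: %u denials, %u rejected; priv first: %u denials, %u rejected\n",
	       d_old, r_old, d_new, r_new);
}
```

Both orderings refuse the same requests; only the number of denial records differs, which is the noise a policy author would otherwise be tempted to silence by granting the capability.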