| From 5c2e9f346b815841f9bed6029ebcb06415caf640 Mon Sep 17 00:00:00 2001 |
| From: Mark Salyzyn <salyzyn@android.com> |
| Date: Thu, 29 Aug 2019 11:30:14 -0700 |
| Subject: ovl: filter of trusted xattr results in audit |
| |
| From: Mark Salyzyn <salyzyn@android.com> |
| |
| commit 5c2e9f346b815841f9bed6029ebcb06415caf640 upstream. |
| |
| When filtering xattr list for reading, presence of trusted xattr |
| results in a security audit log. However, if there is other content |
| no errno will be set, and if there isn't, the errno will be -ENODATA |
| and not -EPERM as is usually associated with a lack of capability. |
| The check does not block the request to list the xattrs present. |
| |
| Switch to ns_capable_noaudit to reflect a more appropriate check. |
| |
| Signed-off-by: Mark Salyzyn <salyzyn@android.com> |
| Cc: linux-security-module@vger.kernel.org |
| Cc: kernel-team@android.com |
| Cc: stable@vger.kernel.org # v3.18+ |
| Fixes: a082c6f680da ("ovl: filter trusted xattr for non-admin") |
| Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/overlayfs/inode.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- a/fs/overlayfs/inode.c |
| +++ b/fs/overlayfs/inode.c |
| @@ -234,7 +234,8 @@ static bool ovl_can_list(const char *s) |
| return true; |
| |
| /* Never list trusted.overlay, list other trusted for superuser only */ |
| - return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN); |
| + return !ovl_is_private_xattr(s) && |
| + ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN); |
| } |
| |
| ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) |