releases/4.19.160/seccomp-set-pf_superpriv-when-checking-capability.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From fb14528e443646dd3fd02df4437fcf5265b66baa Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@linux.microsoft.com>
 Date: Fri, 30 Oct 2020 13:38:49 +0100
 Subject: seccomp: Set PF_SUPERPRIV when checking capability
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 From: Mickaël Salaün <mic@linux.microsoft.com>

 commit fb14528e443646dd3fd02df4437fcf5265b66baa upstream.

 Replace the use of security_capable(current_cred(), ...) with
 ns_capable_noaudit() which set PF_SUPERPRIV.

 Since commit 98f368e9e263 ("kernel: Add noaudit variant of
 ns_capable()"), a new ns_capable_noaudit() helper is available.  Let's
 use it!

 Cc: Jann Horn <jannh@google.com>
 Cc: Kees Cook <keescook@chromium.org>
 Cc: Tyler Hicks <tyhicks@linux.microsoft.com>
 Cc: Will Drewry <wad@chromium.org>
 Cc: stable@vger.kernel.org
 Fixes: e2cfabdfd075 ("seccomp: add system call filtering using BPF")
 Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
 Reviewed-by: Jann Horn <jannh@google.com>
 Signed-off-by: Kees Cook <keescook@chromium.org>
 Link: https://lore.kernel.org/r/20201030123849.770769-3-mic@digikod.net
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  kernel/seccomp.c |    5 ++---
  1 file changed, 2 insertions(+), 3 deletions(-)

 --- a/kernel/seccomp.c
 +++ b/kernel/seccomp.c
 @@ -36,7 +36,7 @@
  #include <linux/filter.h>
  #include <linux/pid.h>
  #include <linux/ptrace.h>
 -#include <linux/security.h>
 +#include <linux/capability.h>
  #include <linux/tracehook.h>
  #include <linux/uaccess.h>

 @@ -383,8 +383,7 @@ static struct seccomp_filter *seccomp_pr
  	 * behavior of privileged children.
  	 */
  	if (!task_no_new_privs(current) &&
 -	    security_capable(current_cred(), current_user_ns(),
 -				     CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) != 0)
 +			!ns_capable_noaudit(current_user_ns(), CAP_SYS_ADMIN))
  		return ERR_PTR(-EACCES);

  	/* Allocate a new seccomp_filter */
	From fb14528e443646dd3fd02df4437fcf5265b66baa Mon Sep 17 00:00:00 2001
	From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@linux.microsoft.com>
	Date: Fri, 30 Oct 2020 13:38:49 +0100
	Subject: seccomp: Set PF_SUPERPRIV when checking capability
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	From: Mickaël Salaün <mic@linux.microsoft.com>

	commit fb14528e443646dd3fd02df4437fcf5265b66baa upstream.

	Replace the use of security_capable(current_cred(), ...) with
	ns_capable_noaudit() which set PF_SUPERPRIV.

	Since commit 98f368e9e263 ("kernel: Add noaudit variant of
	ns_capable()"), a new ns_capable_noaudit() helper is available. Let's
	use it!

	Cc: Jann Horn <jannh@google.com>
	Cc: Kees Cook <keescook@chromium.org>
	Cc: Tyler Hicks <tyhicks@linux.microsoft.com>
	Cc: Will Drewry <wad@chromium.org>
	Cc: stable@vger.kernel.org
	Fixes: e2cfabdfd075 ("seccomp: add system call filtering using BPF")
	Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
	Reviewed-by: Jann Horn <jannh@google.com>
	Signed-off-by: Kees Cook <keescook@chromium.org>
	Link: https://lore.kernel.org/r/20201030123849.770769-3-mic@digikod.net
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	kernel/seccomp.c \| 5 ++---
	1 file changed, 2 insertions(+), 3 deletions(-)

	--- a/kernel/seccomp.c
	+++ b/kernel/seccomp.c
	@@ -36,7 +36,7 @@
	#include <linux/filter.h>
	#include <linux/pid.h>
	#include <linux/ptrace.h>
	-#include <linux/security.h>
	+#include <linux/capability.h>
	#include <linux/tracehook.h>
	#include <linux/uaccess.h>

	@@ -383,8 +383,7 @@ static struct seccomp_filter *seccomp_pr
	* behavior of privileged children.
	*/
	if (!task_no_new_privs(current) &&
	- security_capable(current_cred(), current_user_ns(),
	- CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) != 0)
	+ !ns_capable_noaudit(current_user_ns(), CAP_SYS_ADMIN))
	return ERR_PTR(-EACCES);

	/* Allocate a new seccomp_filter */