From: Mickaël Salaün mic@linux.microsoft.com
commit fb14528e443646dd3fd02df4437fcf5265b66baa upstream.
Replace the use of security_capable(current_cred(), ...) with ns_capable_noaudit() which set PF_SUPERPRIV.
Since commit 98f368e9e263 ("kernel: Add noaudit variant of ns_capable()"), a new ns_capable_noaudit() helper is available. Let's use it!
Cc: Jann Horn jannh@google.com Cc: Kees Cook keescook@chromium.org Cc: Tyler Hicks tyhicks@linux.microsoft.com Cc: Will Drewry wad@chromium.org Cc: stable@vger.kernel.org Fixes: e2cfabdfd075 ("seccomp: add system call filtering using BPF") Signed-off-by: Mickaël Salaün mic@linux.microsoft.com Reviewed-by: Jann Horn jannh@google.com Signed-off-by: Kees Cook keescook@chromium.org Link: https://lore.kernel.org/r/20201030123849.770769-3-mic@digikod.net Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- kernel/seccomp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
--- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -36,7 +36,7 @@ #include <linux/filter.h> #include <linux/pid.h> #include <linux/ptrace.h> -#include <linux/security.h> +#include <linux/capability.h> #include <linux/tracehook.h> #include <linux/uaccess.h>
@@ -383,8 +383,7 @@ static struct seccomp_filter *seccomp_pr * behavior of privileged children. */ if (!task_no_new_privs(current) && - security_capable(current_cred(), current_user_ns(), - CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) != 0) + !ns_capable_noaudit(current_user_ns(), CAP_SYS_ADMIN)) return ERR_PTR(-EACCES);
/* Allocate a new seccomp_filter */