mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-15 21:23:23 +00:00
ead64b20f1
capable() calls refer to enabled LSMs whether to permit or deny the
request. This is relevant in connection with SELinux, where a
capability check results in a policy decision and by default a denial
message on insufficient permission is issued.
It can lead to three undesired cases:
1. A denial message is generated, even in case the operation was an
unprivileged one and thus the syscall succeeded, creating noise.
2. To avoid the noise from 1. the policy writer adds a rule to ignore
those denial messages, hiding future syscalls, where the task
performs an actual privileged operation, leading to hidden limited
functionality of that task.
3. To avoid the noise from 1. the policy writer adds a rule to permit
the task the requested capability, while it does not need it,
violating the principle of least privilege.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
69 lines
2.0 KiB
C
69 lines
2.0 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved.
|
|
* Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved.
|
|
*/
|
|
|
|
#ifndef __QUOTA_DOT_H__
|
|
#define __QUOTA_DOT_H__
|
|
|
|
#include <linux/list_lru.h>
|
|
|
|
struct gfs2_inode;
|
|
struct gfs2_sbd;
|
|
|
|
#define NO_UID_QUOTA_CHANGE INVALID_UID
|
|
#define NO_GID_QUOTA_CHANGE INVALID_GID
|
|
|
|
int gfs2_qa_get(struct gfs2_inode *ip);
|
|
void gfs2_qa_put(struct gfs2_inode *ip);
|
|
int gfs2_quota_hold(struct gfs2_inode *ip, kuid_t uid, kgid_t gid);
|
|
void gfs2_quota_unhold(struct gfs2_inode *ip);
|
|
|
|
int gfs2_quota_lock(struct gfs2_inode *ip, kuid_t uid, kgid_t gid);
|
|
void gfs2_quota_unlock(struct gfs2_inode *ip);
|
|
|
|
int gfs2_quota_check(struct gfs2_inode *ip, kuid_t uid, kgid_t gid,
|
|
struct gfs2_alloc_parms *ap);
|
|
void gfs2_quota_change(struct gfs2_inode *ip, s64 change,
|
|
kuid_t uid, kgid_t gid);
|
|
|
|
int gfs2_quota_sync(struct super_block *sb, int type);
|
|
int gfs2_quota_refresh(struct gfs2_sbd *sdp, struct kqid qid);
|
|
|
|
int gfs2_quota_init(struct gfs2_sbd *sdp);
|
|
void gfs2_quota_cleanup(struct gfs2_sbd *sdp);
|
|
int gfs2_quotad(void *data);
|
|
|
|
void gfs2_wake_up_statfs(struct gfs2_sbd *sdp);
|
|
|
|
static inline int gfs2_quota_lock_check(struct gfs2_inode *ip,
|
|
struct gfs2_alloc_parms *ap)
|
|
{
|
|
struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode);
|
|
int ret;
|
|
|
|
ap->allowed = UINT_MAX; /* Assume we are permitted a whole lot */
|
|
if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF ||
|
|
capable(CAP_SYS_RESOURCE))
|
|
return 0;
|
|
ret = gfs2_quota_lock(ip, NO_UID_QUOTA_CHANGE, NO_GID_QUOTA_CHANGE);
|
|
if (ret)
|
|
return ret;
|
|
if (sdp->sd_args.ar_quota == GFS2_QUOTA_ACCOUNT)
|
|
return 0;
|
|
ret = gfs2_quota_check(ip, ip->i_inode.i_uid, ip->i_inode.i_gid, ap);
|
|
if (ret)
|
|
gfs2_quota_unlock(ip);
|
|
return ret;
|
|
}
|
|
|
|
extern const struct quotactl_ops gfs2_quotactl_ops;
|
|
int __init gfs2_qd_shrinker_init(void);
|
|
void gfs2_qd_shrinker_exit(void);
|
|
extern struct list_lru gfs2_qd_lru;
|
|
|
|
void __init gfs2_quota_hash_init(void);
|
|
|
|
#endif /* __QUOTA_DOT_H__ */
|