[PATCH v4 17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs

James Morris jmorris at namei.org
Wed Apr 27 00:22:02 PDT 2016


On Tue, 26 Apr 2016, Seth Forshee wrote:

> A privileged user in s_user_ns will generally have the ability to
> manipulate the backing store and insert security.* xattrs into
> the filesystem directly. Therefore the kernel must be prepared to
> handle these xattrs from unprivileged mounts, and it makes little
> sense for commoncap to prevent writing these xattrs to the
> filesystem. The capability and LSM code have already been updated
> to appropriately handle xattrs from unprivileged mounts, so it
> is safe to loosen this restriction on setting xattrs.
> 
> The exception to this logic is that writing xattrs to a mounted
> filesystem may also cause the LSM inode_post_setxattr or
> inode_setsecurity callbacks to be invoked. SELinux will deny the
> xattr update by virtue of applying mountpoint labeling to
> unprivileged userns mounts, and Smack will deny the writes for
> any user without global CAP_MAC_ADMIN, so loosening the
> capability check in commoncap is safe in this respect as well.
> 
> Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> Acked-by: Serge Hallyn <serge.hallyn at canonical.com>


Acked-by: James Morris <james.l.morris at oracle.com>


-- 
James Morris
<jmorris at namei.org>