linux/net/sysctl_net.c at 7490a94de216328f69fc9ee6f85146980a752017

mirror of https://github.com/hardkernel/linux.git synced 2026-04-10 23:18:10 +09:00

Files

Tyler Hicks 6af4737361 net: Use ns_capable_noaudit() when determining net sysctl permissions

commit d6e0d30644 upstream.

The capability check should not be audited since it is only being used
to determine the inode permissions. A failed check does not indicate a
violation of security policy but, when an LSM is enabled, a denial audit
message was being generated.

The denial audit message caused confusion for some application authors
because root-running Go applications always triggered the denial. To
prevent this confusion, the capability check in net_ctl_permissions() is
switched to the noaudit variant.

BugLink: https://launchpad.net/bugs/1465724

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2016-09-15 08:27:50 +02:00

2.9 KiB

Raw Blame History

View Raw

2.9 KiB Raw Blame History

2.9 KiB

Raw Blame History