[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Dec 2022 09:37:29 -0600
From: Seth Forshee <sforshee@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christian Brauner <brauner@...nel.org>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] xattr audit fix for v6.2
Hi Linus,
/* Summary */
This is a single patch to remove auditing of the
capability check in simple_xattr_list(). This check is done to check
whether trusted xattrs should be included by listxattr(2). SELinux will
normally log a denial when capable() is called and the task's SELinux
context doesn't have the corresponding capability permission allowed,
which can end up spamming the log. Since a failed check here cannot be
used to infer malicious intent, auditing is of no real value, and it
makes sense to stop auditing the capability check.
/* Testing */
The patch is based off of 6.1-rc4 and has been sitting in linux-next. No
build failures or warnings were observed and fstests, selftests, and LTP
show no regressions.
/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next. A test merge with current mainline also showed no conflicts.
The following changes since commit f0c4d9fc9cc9462659728d168387191387e903cc:
Linux 6.1-rc4 (2022-11-06 15:07:11 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.xattr.simple.noaudit.v6.2
for you to fetch changes up to e7eda157c4071cd1e69f4b1687b0fbe1ae5e6f46:
fs: don't audit the capability check in simple_xattr_list() (2022-11-07 16:55:45 +0100)
Please consider pulling these changes from the signed
fs.xattr.simple.noaudit.v6.2.
Thanks!
Seth
----------------------------------------------------------------
fs.xattr.simple.noaudit.v6.2
----------------------------------------------------------------
Ondrej Mosnacek (1):
fs: don't audit the capability check in simple_xattr_list()
fs/xattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Powered by blists - more mailing lists