lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAADnVQJKkrWosMo3S1Ua15_on0S5FWYqUgETi6gqccVOibvEAg@mail.gmail.com>
Date:   Thu, 17 Feb 2022 09:29:54 -0800
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Christian Göttsche <cgzones@...glemail.com>
Cc:     selinux@...r.kernel.org, Jens Axboe <axboe@...nel.dk>,
        Hans Verkuil <hverkuil@...all.nl>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Stefan Haberland <sth@...ux.ibm.com>,
        Jan Hoeppner <hoeppner@...ux.ibm.com>,
        Heiko Carstens <hca@...ux.ibm.com>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ux.ibm.com>,
        Alexander Gordeev <agordeev@...ux.ibm.com>,
        Sven Schnelle <svens@...ux.ibm.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Serge Hallyn <serge@...lyn.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Zhen Lei <thunder.leizhen@...wei.com>,
        Arnd Bergmann <arnd@...db.de>,
        Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        Julia Lawall <Julia.Lawall@...ia.fr>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiri Slaby <jirislaby@...nel.org>,
        Pavel Skripkin <paskripkin@...il.com>,
        Du Cheng <ducheng2@...il.com>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Alexey Gladkov <legion@...nel.org>,
        David Hildenbrand <david@...hat.com>,
        Rolf Eike Beer <eb@...ix.com>,
        Christian Brauner <christian.brauner@...ntu.com>,
        Cyrill Gorcunov <gorcunov@...il.com>,
        Peter Collingbourne <pcc@...gle.com>,
        Colin Cross <ccross@...gle.com>,
        Davidlohr Bueso <dave@...olabs.net>,
        Xiaofeng Cao <cxfcosmos@...il.com>,
        Nikolay Aleksandrov <nikolay@...dia.com>,
        Stefano Garzarella <sgarzare@...hat.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Ziyang Xuan <william.xuanziyang@...wei.com>,
        Alexander Aring <aahringo@...hat.com>,
        Eric Dumazet <edumazet@...gle.com>,
        Alistair Delva <adelva@...gle.com>,
        Bart Van Assche <bvanassche@....org>,
        linux-block@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        linux-media@...r.kernel.org,
        Network Development <netdev@...r.kernel.org>,
        linux-s390 <linux-s390@...r.kernel.org>,
        Linux-Fsdevel <linux-fsdevel@...r.kernel.org>,
        LSM List <linux-security-module@...r.kernel.org>,
        bpf <bpf@...r.kernel.org>
Subject: Re: [RFC PATCH 2/2] capability: use new capable_or functionality

On Thu, Feb 17, 2022 at 6:50 AM Christian Göttsche
<cgzones@...glemail.com> wrote:
>
> Use the new added capable_or macro in appropriate cases, where a task
> is required to have any of two capabilities.
>
> Reorder CAP_SYS_ADMIN last.
>
> TODO: split into subsystem patches.

Yes. Please.

The bpf side picked the existing order because we were aware
of that selinux issue.
Looks like there is no good order that works for all.
So the new helper makes a lot of sense.

> Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT")

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ