From: "Christian Göttsche" <cgzones@googlemail.com>
To: linux-kernel@vger.kernel.org
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Juri Lelli <juri.lelli@redhat.com>,
Vincent Guittot <vincent.guittot@linaro.org>,
Dietmar Eggemann <dietmar.eggemann@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Ben Segall <bsegall@google.com>, Mel Gorman <mgorman@suse.de>
Subject: [RFC PATCH] sched: only issue an audit on privileged operation
Date: Fri, 4 Sep 2020 18:00:31 +0200 [thread overview]
Message-ID: <20200904160031.6444-1-cgzones@googlemail.com> (raw)
sched_setattr(2) does via kernel/sched/core.c:__sched_setscheduler()
issue a CAP_SYS_NICE audit event unconditionally, even when the requested
operation does not require that capability / is un-privileged.
Perform privilged/unprivileged catigorization first and perform a
capable test only if needed.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
kernel/sched/core.c | 65 ++++++++++++++++++++++++++++++++-------------
1 file changed, 47 insertions(+), 18 deletions(-)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 8471a0f7eb32..954f968d2466 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -5249,13 +5249,19 @@ static int __sched_setscheduler(struct task_struct *p,
return -EINVAL;
/*
- * Allow unprivileged RT tasks to decrease priority:
+ * Allow unprivileged RT tasks to decrease priority.
+ * Only issue a capable test if needed to avoid audit
+ * event on non-privileged operations:
*/
- if (user && !capable(CAP_SYS_NICE)) {
+ if (user) {
if (fair_policy(policy)) {
if (attr->sched_nice < task_nice(p) &&
- !can_nice(p, attr->sched_nice))
- return -EPERM;
+ !can_nice(p, attr->sched_nice)) {
+ if (capable(CAP_SYS_NICE))
+ goto sys_nice_capable;
+ else
+ return -EPERM;
+ }
}
if (rt_policy(policy)) {
@@ -5263,13 +5269,21 @@ static int __sched_setscheduler(struct task_struct *p,
task_rlimit(p, RLIMIT_RTPRIO);
/* Can't set/change the rt policy: */
- if (policy != p->policy && !rlim_rtprio)
- return -EPERM;
+ if (policy != p->policy && !rlim_rtprio) {
+ if (capable(CAP_SYS_NICE))
+ goto sys_nice_capable;
+ else
+ return -EPERM;
+ }
/* Can't increase priority: */
if (attr->sched_priority > p->rt_priority &&
- attr->sched_priority > rlim_rtprio)
- return -EPERM;
+ attr->sched_priority > rlim_rtprio) {
+ if (capable(CAP_SYS_NICE))
+ goto sys_nice_capable;
+ else
+ return -EPERM;
+ }
}
/*
@@ -5278,28 +5292,43 @@ static int __sched_setscheduler(struct task_struct *p,
* unprivileged DL tasks to increase their relative deadline
* or reduce their runtime (both ways reducing utilization)
*/
- if (dl_policy(policy))
- return -EPERM;
+ if (dl_policy(policy)) {
+ if (capable(CAP_SYS_NICE))
+ goto sys_nice_capable;
+ else
+ return -EPERM;
+ }
/*
* Treat SCHED_IDLE as nice 20. Only allow a switch to
* SCHED_NORMAL if the RLIMIT_NICE would normally permit it.
*/
if (task_has_idle_policy(p) && !idle_policy(policy)) {
- if (!can_nice(p, task_nice(p)))
- return -EPERM;
+ if (!can_nice(p, task_nice(p))) {
+ if (capable(CAP_SYS_NICE))
+ goto sys_nice_capable;
+ else
+ return -EPERM;
+ }
}
/* Can't change other user's priorities: */
- if (!check_same_owner(p))
- return -EPERM;
+ if (!check_same_owner(p)) {
+ if (capable(CAP_SYS_NICE))
+ goto sys_nice_capable;
+ else
+ return -EPERM;
+ }
/* Normal users shall not reset the sched_reset_on_fork flag: */
- if (p->sched_reset_on_fork && !reset_on_fork)
- return -EPERM;
- }
+ if (p->sched_reset_on_fork && !reset_on_fork) {
+ if (capable(CAP_SYS_NICE))
+ goto sys_nice_capable;
+ else
+ return -EPERM;
+ }
- if (user) {
+sys_nice_capable:
if (attr->sched_flags & SCHED_FLAG_SUGOV)
return -EINVAL;
--
2.28.0
next reply other threads:[~2020-09-04 16:01 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-04 16:00 Christian Göttsche [this message]
2020-09-08 10:25 ` [RFC PATCH] sched: only issue an audit on privileged operation peterz
2020-09-08 11:28 ` Ondrej Mosnacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200904160031.6444-1-cgzones@googlemail.com \
--to=cgzones@googlemail.com \
--cc=bsegall@google.com \
--cc=dietmar.eggemann@arm.com \
--cc=juri.lelli@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mgorman@suse.de \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=selinux@vger.kernel.org \
--cc=vincent.guittot@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox