[Devel] [PATCH] prctl: reduce requirements to exe link change
Stanislav Kinsburskiy
skinsbursky at virtuozzo.com
Tue Jul 4 18:03:33 MSK 2017
Do not request for CAP_SYS_RESOURCE anymore to change exe link.
This is needed to allow spfs manager to change it in unprivileged process.
In case of CRIU this restriction wasn't a problem, since CRIU is a priviledged
process and drops capabilities _after_ exe link change.
But then spfs manager is not able to do the same thing for unpriviledged
process.
We are not going to push NFS to upstream anymore. And thus can relax
requirements in our kernel.
Note: this limitation is somewhat strange, because exe link can be changed
upon execve system call.
https://jira.sw.ru/browse/PSBM-50867
Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
kernel/sys.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/sys.c b/kernel/sys.c
index 9a681ae..f8f1dd9 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2329,12 +2329,12 @@ static int prctl_set_mm(int opt, unsigned long addr,
return prctl_set_mm_map(opt, (const void __user *)addr, arg4);
#endif
- if (!ve_capable(CAP_SYS_RESOURCE))
- return -EPERM;
-
if (opt == PR_SET_MM_EXE_FILE)
return prctl_set_mm_exe_file(mm, (unsigned int)addr);
+ if (!ve_capable(CAP_SYS_RESOURCE))
+ return -EPERM;
+
if (opt == PR_SET_MM_AUXV)
return prctl_set_auxv(mm, addr, arg4);
More information about the Devel
mailing list