    LSM: Signal to SafeSetID when setting group IDs · 111767c1
    Thomas Cedeno authored
    For SafeSetID to properly gate set*gid() calls, it needs to know whether
    ns_capable() is being called from within a sys_set*gid() function or is
    being called from elsewhere in the kernel. This allows SafeSetID to deny
    CAP_SETGID to restricted groups when they are attempting to use the
    capability for code paths other than updating GIDs (e.g. setting up
    userns GID mappings). This is the identical approach to what is
    currently done for CAP_SETUID.
    
    NOTE: We also add signaling to SafeSetID from the setgroups() syscall,
    as we have future plans to restrict a process' ability to set
    supplementary groups in addition to what is added in this series for
    restricting setting of the primary group.
    Signed-off-by: Thomas Cedeno <thomascedeno@google.com>
    Signed-off-by: Micah Morton <mortonm@chromium.org>
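The gating the commit message describes, as an added user-space model. This is example code written for this page, not the kernel's code and not part of the commit: every `model_` name, the `struct model_caller` credentials stand-in, and the GID allowlist are this example's own constructions, and `CAP_OPT_INSETID` is named after the kernel flag but its value here is an assumption. It shows why the set*gid() syscalls need a distinct capability check: the same CAP_SETGID is consumed both by setgid() and by writing a userns gid_map, and only the signalled path lets an LSM tell the two apart.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define CAP_SETGID       6
#define CAP_OPT_NONE     0u
#define CAP_OPT_INSETID  (1u << 2)   /* assumed value; named after the kernel flag */

/* Constructed stand-in for a task's credentials plus its SafeSetID-style
 * policy. A NULL allowlist means no policy applies (unrestricted). */
struct model_caller {
    unsigned int gid;            /* current primary GID */
    bool has_cap_setgid;         /* CAP_SETGID in the effective set */
    const unsigned int *allowed; /* GIDs this caller may switch to, or NULL */
    size_t n_allowed;
};

static bool model_restricted(const struct model_caller *c)
{
    return c->allowed != NULL;
}

/* Stand-in for the capable() path with an LSM hook behind it. Base
 * capability check first, then the SafeSetID-style rule: a restricted
 * caller keeps CAP_SETGID only when the caller is a set*gid() syscall,
 * which it proves by passing CAP_OPT_INSETID. */
static int model_capable(const struct model_caller *c, int cap, unsigned int opts)
{
    if (cap == CAP_SETGID && !c->has_cap_setgid)
        return -EPERM;
    if (cap == CAP_SETGID && model_restricted(c) && !(opts & CAP_OPT_INSETID))
        return -EPERM;
    return 0;
}

/* The two entry points: the plain check, and the set*gid() variant. */
static bool model_ns_capable(const struct model_caller *c, int cap)
{
    return model_capable(c, cap, CAP_OPT_NONE) == 0;
}

static bool model_ns_capable_setid(const struct model_caller *c, int cap)
{
    return model_capable(c, cap, CAP_OPT_INSETID) == 0;
}

/* Stand-in for a task_fix_setgid hook: a restricted caller may only move
 * to an allowlisted GID. */
static int model_fix_setgid(const struct model_caller *c, unsigned int new_gid)
{
    if (!model_restricted(c))
        return 0;
    for (size_t i = 0; i < c->n_allowed; i++)
        if (c->allowed[i] == new_gid)
            return 0;
    return -EACCES;
}

/* setgid() modelled: with CAP_SETGID (checked with the in-setid signal)
 * any target GID may be proposed; without it only the current GID may;
 * the hook then vets the transition. Returns 0 or -errno. */
int model_sys_setgid(struct model_caller *c, unsigned int new_gid)
{
    int rc;

    if (!model_ns_capable_setid(c, CAP_SETGID) && new_gid != c->gid)
        return -EPERM;
    rc = model_fix_setgid(c, new_gid);
    if (rc)
        return rc;
    c->gid = new_gid;
    return 0;
}

/* Writing a user namespace gid_map also consumes CAP_SETGID, but it is
 * not a set*gid() path, so it checks without the signal and a restricted
 * caller is refused even though it holds the capability. */
int model_write_gid_map(const struct model_caller *c)
{
    return model_ns_capable(c, CAP_SETGID) ? 0 : -EPERM;
}

int main(void)
{
    const unsigned int allowed[] = { 1000, 1001 };   /* constructed policy */
    struct model_caller svc = { 1000, true, allowed, 2 };

    printf("setgid(1001): %d\n", model_sys_setgid(&svc, 1001));   /* 0 */
    printf("setgid(0):    %d\n", model_sys_setgid(&svc, 0));      /* -EACCES */
    printf("gid_map:      %d\n", model_write_gid_map(&svc));      /* -EPERM */
    return 0;
}
```

The point of the model is the `opts` argument threaded from the syscall down to the hook: without it, the hook sees an identical CAP_SETGID request from setgid() and from a gid_map write and cannot allow one while denying the other.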
groups.c 4.91 KB