WSL2-Linux-Kernel/security/keys
Christian Göttsche ee49b97cb5 security: keys: perform capable check only on privileged operations
[ Upstream commit 2d7f105edb ]

If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-19 12:22:28 +02:00
..
encrypted-keys
trusted-keys security: keys: Modify mismatched function name 2023-07-27 08:47:01 +02:00
Kconfig
Makefile
big_key.c
compat.c
compat_dh.c
dh.c
gc.c
internal.h
key.c
keyctl.c security: keys: perform capable check only on privileged operations 2023-09-19 12:22:28 +02:00
keyctl_pkey.c
keyring.c
permission.c
persistent.c
proc.c
process_keys.c
request_key.c keys: Fix linking a duplicate key to a keyring's assoc_array 2023-07-27 08:46:53 +02:00
request_key_auth.c
sysctl.c
user_defined.c