linux/fs/notify
Amir Goldstein a8b98c808e fanotify: fix permission model of unprivileged group
Reporting event->pid should depend on the privileges of the user that
initialized the group, not the privileges of the user reading the
events.

Use an internal group flag FANOTIFY_UNPRIV to record the fact that the
group was initialized by an unprivileged user.

To be on the safe side, the permissions to set up filesystem and mount
marks now require that both the user that initialized the group and
the user setting up the mark have CAP_SYS_ADMIN.

Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxiA77_P5vtv7e83g0+9d7B5W9ZTE4GfQEYbWmfT1rA=VA@mail.gmail.com/
Fixes: 7cea2a3c50 ("fanotify: support limited functionality for unprivileged users")
Cc: <Stable@vger.kernel.org> # v5.12+
Link: https://lore.kernel.org/r/20210524135321.2190062-1-amir73il@gmail.com
Reviewed-by: Matthew Bobrowski <repnop@google.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2021-05-25 12:21:14 +02:00
dnotify 2020-12-17 10:56:27 -08:00
fanotify fanotify: fix permission model of unprivileged group 2021-05-25 12:21:14 +02:00
inotify fsnotify: use hash table for faster events merge 2021-03-16 16:37:51 +01:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fdinfo.c fanotify: fix permission model of unprivileged group 2021-05-25 12:21:14 +02:00
fdinfo.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fsnotify.c fsnotify: fix events reported to watching parent and child 2020-12-11 11:40:43 +01:00
fsnotify.h fsnotify: move declaration of fsnotify_mark_connector_cachep to fsnotify.h 2019-10-17 10:31:12 +02:00
group.c fanotify: configurable limits via sysfs 2021-03-16 16:49:31 +01:00
mark.c fanotify: configurable limits via sysfs 2021-03-16 16:49:31 +01:00
notification.c fsnotify: use hash table for faster events merge 2021-03-16 16:37:51 +01:00