From patchwork Fri Sep 30 22:24:31 2016
X-Patchwork-Submitter: Dmitry Torokhov
X-Patchwork-Id: 677271
X-Patchwork-Delegate: davem@davemloft.net
Date: Fri, 30 Sep 2016 15:24:31 -0700
From: Dmitry Torokhov
To: "David S. Miller"
Cc: Tyler Hicks, "Serge E. Hallyn", James Morris, "Eric W. Biederman", netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] net: Use ns_capable_noaudit() when determining net sysctl permissions
Message-ID: <20160930222431.GA30208@dtor-ws>
X-Mailing-List: netdev@vger.kernel.org

From: Tyler Hicks

The capability check should not be audited since it is only being used to determine the inode permissions. A failed check does not indicate a violation of security policy but, when an LSM is enabled, a denial audit message was being generated.

The denial audit message caused confusion for some application authors because root-running Go applications always triggered the denial.

To prevent this confusion, the capability check in net_ctl_permissions() is switched to the noaudit variant.

BugLink: https://launchpad.net/bugs/1465724
Signed-off-by: Tyler Hicks
Acked-by: Serge E. Hallyn
Signed-off-by: James Morris [dtor: reapplied after e79c6a4fc923 ("net: make net namespace sysctls belong to container's owner") accidentally reverted the change.] Signed-off-by: Dmitry Torokhov --- net/sysctl_net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sysctl_net.c b/net/sysctl_net.c index c5d37f4..9199813 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c @@ -44,7 +44,7 @@ static int net_ctl_permissions(struct ctl_table_header *head, struct net *net = container_of(head->set, struct net, sysctls); /* Allow network administrator to have same access as root. */ - if (ns_capable(net->user_ns, CAP_NET_ADMIN)) { + if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) { int mode = (table->mode >> 6) & 7; return (mode << 6) | (mode << 3) | mode; }
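Review bot: Since this is the second time the noaudit variant has had to be applied at this spot (the dtor note says e79c6a4fc923 accidentally reverted it), the comment above the check in the hunk, "/* Allow network administrator to have same access as root. */", should also record why ns_capable_noaudit() is used, so the next refactor of net_ctl_permissions() does not silently bring back ns_capable() and the spurious LSM denial messages described in the changelog. Suggest extending it to something like "/* Allow network administrator to have same access as root. Use the noaudit variant: a failed check here only selects the mode bits and is not a policy violation. */". The rest of the hunk is unchanged and fine: the check still gates the same CAP_NET_ADMIN-in-net->user_ns condition, only the audit side effect of a failed check goes away, and the mode computation "(table->mode >> 6) & 7" replicated into the group and other positions is untouched.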