From patchwork Wed Jun 30 18:35:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thadeu Lima de Souza Cascardo X-Patchwork-Id: 1499049
From: Thadeu Lima de Souza Cascardo To: kernel-team@lists.ubuntu.com Subject: [SRU Bionic] UBUNTU: SAUCE: Revert "proc: Check /proc/$pid/attr/ writes against file opener" Date: Wed, 30 Jun 2021 15:35:48 -0300 Message-Id: <20210630183548.211753-3-cascardo@canonical.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210630183548.211753-1-cascardo@canonical.com> References: <20210630183548.211753-1-cascardo@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/1934187 This reverts commit cec2a1d5bb20a68d580cf5dececa3edef38b88e8, which is upstream commit bfb819ea20ce8bbeeba17e1a6418bf8bda91fc28. This has been shown to cause failures with lxd, as the opener process had different privileges than the writer, preventing lxd to be able to create new processes inside a container when setting apparmor confinement. Signed-off-by: Thadeu Lima de Souza Cascardo --- fs/proc/base.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index fc35a8a3e481..bb9e020317d0 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2588,10 +2588,6 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, ssize_t length; struct task_struct *task = get_proc_task(inode); - /* A task may only write when it was the opener. */ - if (file->f_cred != current_real_cred()) - return -EPERM; - length = -ESRCH; if (!task) goto out_no_task;
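
Review bot: In proc_pid_attr_write(), removing the `file->f_cred != current_real_cred()` test drops the opener check for every writer to /proc/$pid/attr/, not only for the lxd case named in the commit message, so after this revert a descriptor opened by one task can again be written through by a task whose credentials differ from the opener's. The commit message should state that this is the protection being given up and why a full revert was chosen over a narrower change, so that reviewers of the SRU can weigh the lxd regression against it. It would also help to record, in the message or in the linked bug, what has to happen before the check can be reinstated, since the message as written mentions no follow-up.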