author Amir Goldstein <amir73il@gmail.com> 2021-05-24 15:53:21 +0200
committer Jan Kara <jack@suse.cz> 2021-05-25 12:21:14 +0200
commit a8b98c808eab3ec8f1b5a64be967b0f4af4cae43 (patch)
tree cd0170b7b0d8e5a4e73334394683ff0f02cf7bb8 /fs/notify/fdinfo.c
parent MAINTAINERS: Add Matthew Bobrowski as a reviewer (diff)
fanotify: fix permission model of unprivileged group
Reporting event->pid should depend on the privileges of the user that initialized the group, not the privileges of the user reading the events.

Use an internal group flag FANOTIFY_UNPRIV to record the fact that the group was initialized by an unprivileged user.

To be on the safe side, the permissions to set up filesystem and mount marks now require that both the user that initialized the group and the user setting up the mark have CAP_SYS_ADMIN.

Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxiA77_P5vtv7e83g0+9d7B5W9ZTE4GfQEYbWmfT1rA=VA@mail.gmail.com/
Fixes: 7cea2a3c505e ("fanotify: support limited functionality for unprivileged users")
Cc: <Stable@vger.kernel.org> # v5.12+
Link: https://lore.kernel.org/r/20210524135321.2190062-1-amir73il@gmail.com
Reviewed-by: Matthew Bobrowski <repnop@google.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/notify/fdinfo.c')
-rw-r--r-- fs/notify/fdinfo.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/notify/fdinfo.c b/fs/notify/fdinfo.c
index a712b2aaa9ac..57f0d5d9f934 100644
--- a/fs/notify/fdinfo.c
+++ b/fs/notify/fdinfo.c
@@ -144,7 +144,7 @@ void fanotify_show_fdinfo(struct seq_file *m, struct file *f)
struct fsnotify_group *group = f->private_data;
seq_printf(m, "fanotify flags:%x event-flags:%x\n",
- group->fanotify_data.flags,
+ group->fanotify_data.flags & FANOTIFY_INIT_FLAGS,
group->fanotify_data.f_flags);
show_fdinfo(m, f, fanotify_fdinfo);
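Review bot: the new mask on the `group->fanotify_data.flags` argument to seq_printf() carries no comment saying why it is there, and the commit message does not mention the fdinfo output at all. Going by the message, the flags word now also holds the internal FANOTIFY_UNPRIV flag, so the `& FANOTIFY_INIT_FLAGS` presumably keeps that kernel-internal bit out of what readers of fdinfo see. A one-line comment above the seq_printf() stating that internal flags must not be exposed to user space would stop a later cleanup from dropping the mask. It is also worth confirming that FANOTIFY_INIT_FLAGS does not itself include FANOTIFY_UNPRIV, since its definition is outside this file's diff.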