summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorMickaël Salaün <mic@digikod.net>2022-05-06 18:08:19 +0200
committerMickaël Salaün <mic@digikod.net>2022-05-23 13:27:51 +0200
commiteba39ca4b155c54adf471a69e91799cc1727873f (patch)
treeee3063cc1acbe6bf317cda7d459cb1323e3514cb /security
parentlandlock: Change landlock_add_rule(2) argument check ordering (diff)
downloadlinux-eba39ca4b155c54adf471a69e91799cc1727873f.tar.xz
linux-eba39ca4b155c54adf471a69e91799cc1727873f.zip
landlock: Change landlock_restrict_self(2) check ordering
According to the Landlock goal to be a security feature available to unprivileges processes, it makes more sense to first check for no_new_privs before checking anything else (i.e. syscall arguments). Merge inval_fd_enforce and unpriv_enforce_without_no_new_privs tests into the new restrict_self_checks_ordering. This is similar to the previous commit checking other syscalls. Link: https://lore.kernel.org/r/20220506160820.524344-10-mic@digikod.net Cc: stable@vger.kernel.org Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'security')
-rw-r--r--security/landlock/syscalls.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
index a7396220c9d4..507d43827afe 100644
--- a/security/landlock/syscalls.c
+++ b/security/landlock/syscalls.c
@@ -405,10 +405,6 @@ SYSCALL_DEFINE2(landlock_restrict_self, const int, ruleset_fd, const __u32,
if (!landlock_initialized)
return -EOPNOTSUPP;
- /* No flag for now. */
- if (flags)
- return -EINVAL;
-
/*
* Similar checks as for seccomp(2), except that an -EPERM may be
* returned.
@@ -417,6 +413,10 @@ SYSCALL_DEFINE2(landlock_restrict_self, const int, ruleset_fd, const __u32,
!ns_capable_noaudit(current_user_ns(), CAP_SYS_ADMIN))
return -EPERM;
+ /* No flag for now. */
+ if (flags)
+ return -EINVAL;
+
/* Gets and checks the ruleset. */
ruleset = get_ruleset_from_fd(ruleset_fd, FMODE_CAN_READ);
if (IS_ERR(ruleset))