[d-kernel] [PATCH v5] AltHa: handle setcap binaries in the same way as setuid ones
Vladimir D. Seleznev
vseleznv at altlinux.org
Mon May 30 18:24:12 MSK 2022
On Mon, May 30, 2022 at 06:11:25PM +0300, Vitaly Chikunov wrote:
> Vladimir,
>
> On Mon, May 30, 2022 at 02:48:56PM +0300, Vladimir D. Seleznev wrote:
> > On Mon, May 23, 2022 at 01:44:04PM +0000, Vladimir D. Seleznev wrote:
> > > altha.nosuid facility controls what binaries can raise user privileges.
> > > Prior to this commit it only handled setuid binaries, but it was still
> > > possible to raise privileges via setcaps. Now it handles both setuid
> > > and setcap binaries.
> > >
> > > Signed-off-by: Vladimir D. Seleznev <vseleznv at altlinux.org>
> > > ---
> > > Documentation/admin-guide/LSM/AltHa.rst | 6 ++--
> > > security/altha/Kconfig | 2 +-
> > > security/altha/altha_lsm.c | 47 ++++++++++++++++++++-----
> > > 3 files changed, 43 insertions(+), 12 deletions(-)
> > >
> >
> > Ping
>
> What about tests?
I'm not ready to put effort into tests at this moment. Please apply the
patch; the tests can be future work for this module.
> ps. I also have additional thoughts about this protection concept itself.
--
WBR,
Vladimir D. Seleznev