Searched hist:"2 d7f105e" (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/security/keys/ |
| H A D | keyctl.c | 2d7f105e Thu May 11 07:32:52 CDT 2023 Christian Göttsche <cgzones@googlemail.com> security: keys: perform capable check only on privileged operations
If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.
Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
|