On Thu, Oct 25, 2018 at 01:56:27PM -0500, Eric W. Biederman wrote: > > Access to timerslack_ns is controlled by a process having CAP_SYS_NICE > > in its effective capability set, but the current check looks in the root > > namespace instead of the process' user namespace. Since a process is > > allowed to do other activities controlled by CAP_SYS_NICE inside a > > namespace, it should also be able to adjust timerslack_ns. > > The goal seems legitimate. However the permission checks look wrong. > > In particular the choice of user namespace should be > "p->cred->user_ns". This will limit this to tasks that have > CAP_SYS_NICE in the same namespace as the task that is being modified. > > Testing file->f_cred->user_ns it is testing whoever opened the file and > that could be anyone.
Thanks, that seems like the right answer here. I'll send a v2 to fix it. Thanks, Benjamin
