On Wed, Sep 20, 2017 at 3:11 PM, Paul Moore
<paul(a)paul-moore.com> wrote:
> On Tue, Sep 5, 2017 at 2:46 AM, Richard Guy Briggs <rgb(a)redhat.com> wrote:
>> Now that the logic is inverted, it is much easier to see that both real
>> root and effective root conditions had to be met to avoid printing the
>> BPRM_FCAPS record with audit syscalls. This meant that any setuid root
>> applications would print a full BPRM_FCAPS record when it wasn't
>> necessary, cluttering the event output, since the SYSCALL and PATH
>> records indicated the presence of the setuid bit and effective root user
>> id.
>>
>> Require only one of effective root or real root to avoid printing the
>> unnecessary record.
>>
>> Ref: commit 3fc689e96c0c ("Add audit_log_bprm_fcaps/AUDIT_BPRM_FCAPS")
>> See: https://github.com/linux-audit/audit-kernel/issues/16
>>
>> Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
>> Reviewed-by: Serge Hallyn <serge(a)hallyn.com>
>> Acked-by: James Morris <james.l.morris(a)oracle.com>
>> ---
>> security/commoncap.c | 5 ++---
>> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> Trying to sort this out, I've decided that I dislike the capabilities
> code as much as I dislike the audit code.
Read binfmt_elf.c and your journey towards the dark side will be complete!
It's only Wednesday, I'm not sure I want to inflict that much self-harm
on myself by mid-week.
--
paul moore