summaryrefslogtreecommitdiff
path: root/tools/testing/selftests/net/lib/py/utils.py
diff options
context:
space:
mode:
authorChristian Göttsche <cgzones@googlemail.com>2025-09-10 21:26:05 +0200
committerChristian Brauner <brauner@kernel.org>2025-09-19 13:08:31 +0200
commitb9cb7e59ac4ae68940347ebfc41e0436d32d3c6e (patch)
tree0db9b37528540c1421f6bd4b5614501a3b1c9ae6 /tools/testing/selftests/net/lib/py/utils.py
parentf99b3917789d83ea89b24b722d784956f8289f45 (diff)
pid: use ns_capable_noaudit() when determining net sysctl permissions
The capability check should not be audited since it is only being used to determine the inode permissions. A failed check does not indicate a violation of security policy but, when an LSM is enabled, a denial audit message was being generated. The denial audit message can either lead to the capability being unnecessarily allowed in a security policy, or being silenced potentially masking a legitimate capability check at a later point in time. Similar to commit d6169b0206db ("net: Use ns_capable_noaudit() when determining net sysctl permissions") Fixes: 7863dcc72d0f ("pid: allow pid_max to be set per pid namespace") CC: Christian Brauner <brauner@kernel.org> CC: linux-security-module@vger.kernel.org CC: selinux@vger.kernel.org Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Christian Brauner <brauner@kernel.org>
Diffstat (limited to 'tools/testing/selftests/net/lib/py/utils.py')
0 files changed, 0 insertions, 0 deletions
generated by cgit (git 2.34.1) at 2025-10-21 09:28:18 +0000