On Tue, Aug 30, 2022 at 11:05 AM Christian Göttsche
[off-list ref] wrote:

On Mon, 27 Jun 2022 at 00:34, Serge E. Hallyn [off-list ref] wrote:

quoted

On Wed, Jun 15, 2022 at 05:26:23PM +0200, Christian Göttsche wrote:

quoted

Add the interfaces `capable_any()` and `ns_capable_any()` as an
alternative to multiple `capable()`/`ns_capable()` calls, like
`capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN)` instead of
`capable(CAP_SYS_NICE) || capable(CAP_SYS_ADMIN)`.

`capable_any()`/`ns_capable_any()` will in particular generate exactly
one audit message, either for the left most capability in effect or, if
the task has none, the first one.

This is especially helpful with regard to SELinux, where each audit
message about a not allowed capability will create an AVC denial.
Using this function with the least invasive capability as left most
argument (e.g. CAP_SYS_NICE before CAP_SYS_ADMIN) enables policy writers
to only allow the least invasive one and SELinux domains pass this check
with only capability:sys_nice or capability:sys_admin allowed without
any AVC denial message.

Signed-off-by: Christian Göttsche <redacted>

Reviewed-by: Serge Hallyn <serge@hallyn.com>

Kindly ping.

So far patch 3 was reviewed [1] and patch 4 was reviewed [2,3] and
partially acked [4].

Currently this series trivially rebases on top of 6.0-rc1.
Should I send a rebased v4 or what is the best way to move forward?

Hi Christian,

Sorry for the delay, this is one of those things that was stalled a
bit during the maintainer hand-off.  It's on my list of things to look
at, it is just unfortunate that we have had a lot of things going on
at the LSM layer lately; don't respin it just yet, let me take a quick
look first ...

-- 
paul-moore.com