On 2/28/23, Linus Torvalds [off-list ref] wrote:

On Tue, Feb 28, 2023 at 11:39 AM Linus Torvalds
[off-list ref] wrote:

quoted

Call me crazy.

Hello crazy,

I had to go through the patch with a find comb, because everything
worked except for some reason network name resolution failed:
systemd-resolved got a permission error on

    Failed to listen on UDP socket 127.0.0.53:53: Permission denied

Spot the insufficient fixup in my cut-and-paste capget() patch:

  kdata[0].effective   = pE.val;
        kdata[1].effective   = pE.val >> 32;
  kdata[0].permitted   = pP.val;
        kdata[1].permitted   = pP.val >> 32;
  kdata[0].inheritable = pI.val;
        kdata[0].inheritable = pI.val >> 32;

Oops.

But with that fixed, that patch actually does seem to work.

This is part of the crap which made me unwilling to do the clean up.

Unless there is a test suite (which I'm guessing there is not), I
think this warrants a prog which iterates over all methods with a
bunch of randomly generated capsets (+ maybe handpicked corner cases?)
and compares results new vs old. Otherwise I would feel very uneasy
signing off on the patch.

That said, nice cleanup if it works out :)

-- 
Mateusz Guzik <mjguzik gmail.com>