search for: cap_sys_admin

...nsertions(+), 18 deletions(-) diff --git a/drivers/xen/xen-selfballoon.c b/drivers/xen/xen-selfballoon.c index 02817a8..21e18c1 100644 --- a/drivers/xen/xen-selfballoon.c +++ b/drivers/xen/xen-selfballoon.c @@ -265,8 +265,10 @@ static ssize_t store_selfballooning(struct device *dev, if (!capable(CAP_SYS_ADMIN)) return -EPERM; - err = strict_strtoul(buf, 10, &tmp); - if (err || ((tmp != 0) && (tmp != 1))) + err = kstrtoul(buf, 10, &tmp); + if (err) + return err; + if ((tmp != 0) && (tmp != 1)) return -EINVAL; xen_selfballooning_enabled = !!tmp; @@ -292,8 +294,10 @@ st...

...nsertions(+), 18 deletions(-) diff --git a/drivers/xen/xen-selfballoon.c b/drivers/xen/xen-selfballoon.c index 02817a8..21e18c1 100644 --- a/drivers/xen/xen-selfballoon.c +++ b/drivers/xen/xen-selfballoon.c @@ -265,8 +265,10 @@ static ssize_t store_selfballooning(struct device *dev, if (!capable(CAP_SYS_ADMIN)) return -EPERM; - err = strict_strtoul(buf, 10, &tmp); - if (err || ((tmp != 0) && (tmp != 1))) + err = kstrtoul(buf, 10, &tmp); + if (err) + return err; + if ((tmp != 0) && (tmp != 1)) return -EINVAL; xen_selfballooning_enabled = !!tmp; @@ -292,8 +294,10 @@ st...

...nsertions(+), 18 deletions(-) diff --git a/drivers/xen/xen-selfballoon.c b/drivers/xen/xen-selfballoon.c index 02817a8..21e18c1 100644 --- a/drivers/xen/xen-selfballoon.c +++ b/drivers/xen/xen-selfballoon.c @@ -265,8 +265,10 @@ static ssize_t store_selfballooning(struct device *dev, if (!capable(CAP_SYS_ADMIN)) return -EPERM; - err = strict_strtoul(buf, 10, &tmp); - if (err || ((tmp != 0) && (tmp != 1))) + err = kstrtoul(buf, 10, &tmp); + if (err) + return err; + if ((tmp != 0) && (tmp != 1)) return -EINVAL; xen_selfballooning_enabled = !!tmp; @@ -292,8 +294,10 @@ st...

...> +#include <linux/capability.h> #include <asm/div64.h> #include "compat.h" #include "ctree.h" @@ -1905,6 +1906,9 @@ int btrfs_balance(struct btrfs_root *dev_root) if (dev_root->fs_info->sb->s_flags & MS_RDONLY) return -EROFS; + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + mutex_lock(&dev_root->fs_info->volume_mutex); dev_root = dev_root->fs_info->dev_root; -- 1.7.2.3 -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo in...

On Tue, 30 Apr 2019 at 10:40, Michal Privoznik <mprivozn@redhat.com> wrote: > Is there any problem running libvirtd as root? > > Yes, in the regulated environment in which I work! I have to do far more thorough threat analysis than I would do if I knew which capabilities it had. So far, we've accepted the extra work; but it would be wonderful to be able to run a locked-down

On 28.01.2014 12:46, Daniel P. Berrange wrote: > On Tue, Jan 28, 2014 at 12:32:41PM +0100, Jan Olszak wrote: >> Hi there! >> >> I am trying to turn on user namespace by adding following lines to the >> config: >> >> >> >> <idmap> >> >> <uid start='0' target='0' count='100000'/> >>

...is than I would do if I knew which capabilities it > > had. So far, we've accepted the extra work; but it would be wonderful to > > be able to run a locked-down virtualisation environment. > > Libvirtd system mode will want cap_net_admin in order to setup TAP devices > and cap_sys_admin to manage disk permissions to grant QEMU access, at which > point you've lost any security benefit of running it unprivileged with > selective capabilities. > > Would it fail hard without these, even if using (for example) pre-created Ceph block storage, which is our use case? Or w...

...FSFS_RENAMED) + return -EBUSY; + return 0; +} + /* copy of may_create in fs/namei.c() */ static inline int btrfs_may_create(struct inode *dir, struct dentry *child) { @@ -1288,9 +1358,6 @@ static noinline int btrfs_ioctl_snap_destroy(struct file *file, int ret; int err = 0; - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - vol_args = memdup_user(arg, sizeof(*vol_args)); if (IS_ERR(vol_args)) return PTR_ERR(vol_args); @@ -1320,13 +1387,45 @@ static noinline int btrfs_ioctl_snap_destroy(struct file *file, } inode = dentry->d_inode; + dest = BTRFS_I(inode)->root; + if (!capable(C...

...if I knew which capabilities it >>> had. So far, we've accepted the extra work; but it would be wonderful to >>> be able to run a locked-down virtualisation environment. >> >> Libvirtd system mode will want cap_net_admin in order to setup TAP devices >> and cap_sys_admin to manage disk permissions to grant QEMU access, at which >> point you've lost any security benefit of running it unprivileged with >> selective capabilities. >> >> Would it fail hard without these, even if using (for example) pre-created > Ceph block storage, which i...

...the sucap utility which changes uid from root without loosing any > capabilities. Normally all capabilities are cleared when changing uid > from root. The sucap utility requires the CAP_SETPCAP capability. > The following example starts updated under uid updated and gid updated > with CAP_SYS_ADMIN raised in the Effective set. > > sucap updated updated execcap 'cap_sys_admin=eip' update > Or if your kernel has support of file capiblies create a version of wine with a little more permissions. setfcaps -c cap_net_raw=p -e /bin/ping There has been no reason to run wine on L...

...] Failed to mount Debug File System. See 'systemctl status sys-kernel-debug.mount' for details. [FAILED] Failed to mount FUSE Control File System. See 'systemctl status sys-fs-fuse-connections.mount' for details. Based on knowledge, which gave Daniel: "When a syscall requires CAP_SYS_ADMIN, for example, the kernel will either use capable(CAP_SYS_ADMIN) which only succeeds in the host, or ns_capable(CAP_SYS_ADMIN) which is allowed to suceed in the container. Different filesystems have differing restrictions, but at this time the vast majority of filesystems require that capable(CA...

...long addr) { *************** *** 221,270 **** return ret; } static int balloon_write(struct file *file, const char *buffer, u_long count, void *data) { ! user_balloon_op_t bop; /* Only admin can play with the balloon :) */ if ( !capable(CAP_SYS_ADMIN) ) return -EPERM; ! if ( copy_from_user(&bop, buffer, sizeof(bop)) ) return -EFAULT; ! switch ( bop.op ) ! { ! case USER_INFLATE_BALLOON: ! if ( inflate_balloon(bop.size) < bop.size ) ! return -EAGAIN; ! break; !...

The kernel side for rescan, which is needed if you want to enable qgroup tracking on a non-empty volume. The first patch splits btrfs_qgroup_account_ref into readable ans reusable units. The second patch adds the rescan implementation (refer to its commit message for a description of the algorithm). The third patch starts an automatic rescan when qgroups are enabled. It is only separated to

...lude <drm/drm_auth.h> #include <drm/drm_framebuffer.h> +#include <drm/drm_gem.h> #include "drm_crtc_internal.h" @@ -438,7 +439,7 @@ int drm_mode_getfb(struct drm_device *dev, if (fb->funcs->create_handle) { if (drm_is_current_master(file_priv) || capable(CAP_SYS_ADMIN) || drm_is_control_client(file_priv)) { - ret = fb->funcs->create_handle(fb, file_priv, + ret = fb->funcs->create_handle(fb, 0, file_priv, &r->handle); } else { /* GET_FB() is an unprivileged ioctl so we must not @@ -458,6 +459,82 @@ int drm_mode_g...

Hi, Quoting Pavel Hrdina (2020-01-21 12:53:49) > On Mon, Jan 20, 2020 at 09:00:15PM +0100, Pol Van Aubel wrote: > > Hi, > > > > Quoting Pavel Hrdina (2020-01-20 14:29:36) > > > On Sat, Jan 18, 2020 at 11:17:11PM +0100, Pol Van Aubel wrote: > > > > Hi all, > > > > > > > > I've disabled cgroups v1 on my system with the kernel

...ner ? In my case nfs client and server in lxc work just fine, but with autofs hang on system call state(). I use CE7_64 on nodes and inside container with libvirt 1.2.18 May be I must set some of capabilities in <feature> (http://man7.org/linux/man-pages/man7/capabilities.7.html) ? I try only CAP_SYS_ADMIN and it's no solve problem. b.r. Maxim Kozin

...; thorough threat analysis than I would do if I knew which capabilities it > had. So far, we've accepted the extra work; but it would be wonderful to > be able to run a locked-down virtualisation environment. Libvirtd system mode will want cap_net_admin in order to setup TAP devices and cap_sys_admin to manage disk permissions to grant QEMU access, at which point you've lost any security benefit of running it unprivileged with selective capabilities. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-...

...e > journal related to this action. > > <snip> > > I honestly don't know how to even begin debugging what's happening, what > the reason for the rejection is. I've spent a long afternoon reading into BPF, checking that I'm really running this as root, with CAP_SYS_ADMIN, etc, and am drawing a blank. Everything I'm looking at is telling me this *should* work, but it doesn't. Does anyone have a suggestion of how to either efficiently debug this issue (I'm not too familiar with tracing, but figuring out where the rejection actually happens might help?),...

Mandi! Fyodor Kravchenko via samba In chel di` si favelave... > Thank you, nesting is set to 1. Is there anything else we could check? AFAIK, no. Next step is use a privileged container, but really in this vase better using a VM. -- Berlusconi: "Da oggi sono a dieta" Il Paese lo ? gi? da 4 anni (Il Ruggito del Coniglio)

...to work for me. I have also attached instead of inline to solve problems with spaces/tabs. The patch will, on systems that have libcap support, drop capabilities that Dovecot doesn't need. For example there is no need for CAP_SYS_MODULE, which enables module loading or CAP_SYS_PTRACE/CAP_SYS_ADMIN/etc. If libcap isn't installed then nothing will change, this is a compile-time only enhancement that isn't configurable. Personally I did not find that CAP_SYS_CHROOT was needed in order for me to authenticate and access my mailbox, but I haven't configured anything special w...