qiurui
/
asterinas
mirror of https://github.com/asterinas/asterinas.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Check capabilities instead of the root

This commit is contained in:
Ruihan Li 2025-10-05 21:10:25 +08:00 committed by Jianfeng Jiang
parent 4b97da93e0
commit 7b212a6a25
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
kernel/src/net/socket/unix/ctrl_msg.rs
View File

@ -254,9 +254,7 @@ impl AuxiliaryData {
warn!("UNIX sockets in SCM_RIGHTS messages can leak kernel resource");
let credentials = current_thread!().as_posix_thread().unwrap().credentials();
if !credentials.euid().is_root()
&& !credentials.effective_capset().contains(CapSet::SYS_ADMIN)
{
if !credentials.effective_capset().contains(CapSet::SYS_ADMIN) {
return_errno_with_message!(
Errno::EPERM,
"UNIX sockets in SCM_RIGHTS messages can leak kernel resource"

2
kernel/src/net/socket/util/options.rs
View File

@ -242,7 +242,7 @@ fn check_current_privileged() -> Result<()> {
posix_thread.credentials()
};
if credentials.euid().is_root() || credentials.effective_capset().contains(CapSet::NET_ADMIN) {
if credentials.effective_capset().contains(CapSet::NET_ADMIN) {
return Ok(());
}