Google Git
Sign in
cos / third_party / kernel / 11c1c98b69dbd1124a497438928911f411a93e85
commit11c1c98b69dbd1124a497438928911f411a93e85[log] [tgz]
authorEric W. Biederman <[email protected]>Thu Jan 20 11:04:01 2022 -0600
committerRoy Yang <[email protected]>Mon Feb 07 21:16:28 2022 +0000
treef1b4f5fa484a20c4a55263eca33ac09e6ea69d4d
parent2cb834e735121caafe5b0172f3453ee24dfbde0b [diff]
cgroup-v1: Require capabilities to set release_agent

commit 24f6008564183aa120d07c03d9289519c2fe02af upstream.

The cgroup release_agent is called with call_usermodehelper.  The function
call_usermodehelper starts the release_agent with a full set fo capabilities.
Therefore require capabilities when setting the release_agaent.

BUG=b/218320447
TEST=presubmit
RELEASE_NOTE=This resolves CVE-2022-0492

cos-patch: security-moderate
Reported-by: Tabitha Sable <[email protected]>
Tested-by: Tabitha Sable <[email protected]>
Fixes: 81a6a5cdd2c5 ("Task Control Groups: automatic userspace notification of idle cgroups")
Cc: [email protected] # v2.6.24+
Signed-off-by: "Eric W. Biederman" <[email protected]>
Signed-off-by: Tejun Heo <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Change-Id: Ib3927bc242ecb3ba815788073fca78f3bebf368d
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/29043
Reviewed-by: Robert Kolchmeyer <[email protected]>
Tested-by: Roy Yang <[email protected]>
1 file changed
tree: f1b4f5fa484a20c4a55263eca33ac09e6ea69d4d
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. PRESUBMIT.cfg
  36. README