diff options
| author | Julius Hemanth Pitti <[email protected]> | 2022-05-13 16:58:15 -0700 |
|---|---|---|
| committer | Andrew Morton <[email protected]> | 2022-05-13 16:58:15 -0700 |
| commit | c7031c144043c5b9a9b8827aaf44a67937559418 (patch) | |
| tree | 3fd6171000d852799cbeb1a1637882d4185e79bd /scripts/gdb/linux/tasks.py | |
| parent | 25d9767831d3dcae8f9f278555ba9ed57b30bbce (diff) | |
proc/sysctl: make protected_* world readable
protected_* files have 600 permissions which prevents non-superuser from
reading them.
Container like "AWS greengrass" refuse to launch unless
protected_hardlinks and protected_symlinks are set. When containers like
these run with "userns-remap" or "--user" mapping container's root to
non-superuser on host, they fail to run due to denied read access to these
files.
As these protections are hardly a secret, and do not possess any security
risk, making them world readable.
Though above greengrass usecase needs read access to only
protected_hardlinks and protected_symlinks files, setting all other
protected_* files to 644 to keep consistency.
Link: http://lkml.kernel.org/r/[email protected]
Fixes: 800179c9b8a1 ("fs: add link restrictions")
Signed-off-by: Julius Hemanth Pitti <[email protected]>
Acked-by: Kees Cook <[email protected]>
Acked-by: Luis Chamberlain <[email protected]>
Cc: Iurii Zaikin <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Al Viro <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Diffstat (limited to 'scripts/gdb/linux/tasks.py')
0 files changed, 0 insertions, 0 deletions