capabilities: fix logic for effective root or real root
authorRichard Guy Briggs <rgb@redhat.com>
Thu, 12 Oct 2017 00:57:13 +0000 (20:57 -0400)
committerJames Morris <james.l.morris@oracle.com>
Fri, 20 Oct 2017 04:22:45 +0000 (15:22 +1100)
commit588fb2c7e294753d3090a1dc2e7c34e7e3ce5aff
tree3f305c99b9f1cc2d5d076e464c7399c651fe285b
parentc0d1adefe0a3775cc16374dc9ebdfd8504afa14b
capabilities: fix logic for effective root or real root

Now that the logic is inverted, it is much easier to see that both real
root and effective root conditions had to be met to avoid printing the
BPRM_FCAPS record with audit syscalls.  This meant that any setuid root
applications would print a full BPRM_FCAPS record when it wasn't
necessary, cluttering the event output, since the SYSCALL and PATH
records indicated the presence of the setuid bit and effective root user
id.

Require only one of effective root or real root to avoid printing the
unnecessary record.

Ref: commit 3fc689e96c0c ("Add audit_log_bprm_fcaps/AUDIT_BPRM_FCAPS")
See: https://github.com/linux-audit/audit-kernel/issues/16

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/commoncap.c