git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ondrej Mosnacek <omosnace@redhat.com>
	Thu, 4 Dec 2025 12:59:16 +0000 (13:59 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 19 Jan 2026 12:09:41 +0000 (13:09 +0100)
commit	b3f937e8912d654c34427b09ad805ec6e288d616
tree	c4abcfcf9f435eb15d67ad3ee6b7ee138ed18bda	tree \| snapshot
parent	2ed5e0ca5d9a7bc39222567e0938bff5ee0cdf3c	commit \| diff

bpf, arm64: Do not audit capability check in do_jit()

[ Upstream commit 189e5deb944a6f9c7992355d60bffd8ec2e54a9c ]

Analogically to the x86 commit 881a9c9cb785 ("bpf: Do not audit
capability check in do_jit()"), change the capable() call to
ns_capable_noaudit() in order to avoid spurious SELinux denials in audit
log.

The commit log from that commit applies here as well:
"""
The failure of this check only results in a security mitigation being
applied, slightly affecting performance of the compiled BPF program. It
doesn't result in a failed syscall, an thus auditing a failed LSM
permission check for it is unwanted. For example with SELinux, it causes
a denial to be reported for confined processes running as root, which
tends to be flagged as a problem to be fixed in the policy. Yet
dontauditing or allowing CAP_SYS_ADMIN to the domain may not be
desirable, as it would allow/silence also other checks - either going
against the principle of least privilege or making debugging potentially
harder.

Fix it by changing it from capable() to ns_capable_noaudit(), which
instructs the LSMs to not audit the resulting denials.
"""

Fixes: f300769ead03 ("arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Link: https://lore.kernel.org/r/20251204125916.441021-1-omosnace@redhat.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>