Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EL permission rules clarification #432

Closed
tomaird opened this issue Oct 22, 2024 · 2 comments · Fixed by #436
Closed

EL permission rules clarification #432

tomaird opened this issue Oct 22, 2024 · 2 comments · Fixed by #436

Comments

@tomaird
Copy link
Contributor

tomaird commented Oct 22, 2024

The summary table describes that CL and EL are only cleared if CL=0 on the auth cap (amongst other conditions):

image

But all the descriptions of EL don't mention that CL must be zero on the auth cap, but do mention all the other conditions. e.g. in LC:

image

I'm assuming the table is correct and auth_cap.CL=0 is required to clear CL and EL in the data cap, but it's a bit confusing to leave this out of these text descriptions.

Note, this is not a problem for the SL-perm rules which describe the conditions in full.

@jamie-melling
Copy link

To me, it seems like changing the CL is more like a demotion than removing a permission. If your auth cap is Global, then you can load Local or Global capabilities, but if your capability is Local, then can only load Local capabilities using it - hence setting CL=0 when auth_cap.CL ==0.
"restricting capability level to the level of the authorizing capability" is more future proof wording if the capability levels were ever increased.

@arichardson
Copy link
Collaborator

It looks like this is incorrect, EL should always be cleared if the authorizing cap does not have EL.

tariqkurd-repo added a commit that referenced this issue Oct 29, 2024
Fix #432

---------

Signed-off-by: Tariq Kurd <[email protected]>
Co-authored-by: Alexander Richardson <[email protected]>
arichardson added a commit that referenced this issue Oct 30, 2024
When the authorizing EL is zero, we also clear EL on the loaded cap
(if it is tagged).

Fixes: #432
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants