netfilter: xt_owner: Add supplementary groups option

The XT_OWNER_SUPPL_GROUPS flag causes GIDs specified with XT_OWNER_GID to be also checked in the supplementary groups of a process. f_cred->group_info cannot be modified during its lifetime and f_cred holds a reference to it so it's safe to use. Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Lukasz Pawelczyk <l.pawelczyk@samsung.com> 2019-05-10 13:46:22 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-05-31 18:02:41 +0200
commit: ea6cc2fd8a2b89ab6dcd096ba6dbc1ecbdf26564 (patch)
tree: 5cc3928e493b7af80fdb71a114c55301630e44dd /include
parent: 508f744c0de38f517a94cc2d0bf8e118271b9645 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/include/uapi/linux/netfilter/xt_owner.h b/include/uapi/linux/netfilter/xt_owner.h
index fa3ad84957d5..9e98c09eda32 100644
--- a/include/uapi/linux/netfilter/xt_owner.h
+++ b/include/uapi/linux/netfilter/xt_owner.h
@@ -5,9 +5,10 @@
 #include <linux/types.h>
 
 enum {
-	XT_OWNER_UID    = 1 << 0,
-	XT_OWNER_GID    = 1 << 1,
-	XT_OWNER_SOCKET = 1 << 2,
+	XT_OWNER_UID          = 1 << 0,
+	XT_OWNER_GID          = 1 << 1,
+	XT_OWNER_SOCKET       = 1 << 2,
+	XT_OWNER_SUPPL_GROUPS = 1 << 3,
 };
 
 struct xt_owner_match_info {
author	Lukasz Pawelczyk <l.pawelczyk@samsung.com>	2019-05-10 13:46:22 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-05-31 18:02:41 +0200
commit	ea6cc2fd8a2b89ab6dcd096ba6dbc1ecbdf26564 (patch)
tree	5cc3928e493b7af80fdb71a114c55301630e44dd /include
parent	508f744c0de38f517a94cc2d0bf8e118271b9645 (diff)