blob: 6926df857179c95a624b2c07c019f9d9118be80f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Bug: https://github.com/falcosecurity/libs/issues/1063
Subset of patch taken from: https://github.com/falcosecurity/libs/pull/1071
diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
index 0441923c6d..cfa967f134 100644
--- a/driver/ppm_fillers.c
+++ b/driver/ppm_fillers.c
@@ -1329,7 +1329,10 @@ int f_proc_startupdate(struct event_filler_arguments *args)
if (exe_file != NULL) {
if (file_inode(exe_file) != NULL) {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 3, 0)
+ exe_writable |= (file_permission(exe_file, MAY_WRITE) == 0);
+ exe_writable |= inode_owner_or_capable(file_mnt_idmap(exe_file), file_inode(exe_file));
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)
exe_writable |= (inode_permission(current_user_ns(), file_inode(exe_file), MAY_WRITE) == 0);
exe_writable |= inode_owner_or_capable(current_user_ns(), file_inode(exe_file));
#else
|
GitWeb
