
Contents of /vserver-sources/2.0.1-r4/4915_vs2.0.1-vxcapable-fix.patch



Revision 342
Fri Apr 28 06:48:39 2006 UTC (8 years, 3 months ago) by hollow
File size: 7074 byte(s)
fix #131427; bump
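--- linux-2.6.15.orig/fs/namespace.c
+++ linux-2.6.15/fs/namespace.c
@@ -671,7 +671,7 @@ asmlinkage long sys_umount(char __user *
 goto dput_and_out;
 
 retval = -EPERM;
- if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT))
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
 goto dput_and_out;
 
 retval = do_umount(nd.mnt, flags);
@@ -695,9 +695,7 @@ asmlinkage long sys_oldumount(char __use
 
 static int mount_is_safe(struct nameidata *nd)
 {
- if (capable(CAP_SYS_ADMIN))
- return 0;
- if (vx_ccaps(VXC_SECURE_MOUNT))
+ if (vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
 return 0;
 return -EPERM;
 #ifdef notyet
@@ -989,7 +987,7 @@ static int do_remount(struct nameidata *
 int err;
 struct super_block *sb = nd->mnt->mnt_sb;
 
- if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_REMOUNT))
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_REMOUNT))
 return -EPERM;
 
 if (!check_mnt(nd->mnt))
@@ -1023,7 +1021,7 @@ static int do_move_mount(struct nameidat
 struct nameidata old_nd, parent_nd;
 struct vfsmount *p;
 int err = 0;
- if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT))
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
 return -EPERM;
 if (!old_name || !*old_name)
 return -EINVAL;
@@ -1103,7 +1101,7 @@ static int do_new_mount(struct nameidata
 return -EINVAL;
 
 /* we need capabilities... */
- if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT))
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
 return -EPERM;
 
 mnt = do_kern_mount(type, flags, name, data);
@@ -1421,7 +1419,7 @@ int copy_namespace(int flags, struct tas
 if (!(flags & CLONE_NEWNS))
 return 0;
 
- if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT)) {
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT)) {
 put_namespace(namespace);
 return -EPERM;
 }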
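Review bot: The converted checks in this file, and the same conversions in fs/quota.c, fs/super.c, kernel/sys.c and security/commoncap.c, now depend on `vx_capable` being the macro from include/linux/vs_base.h rather than the function previously declared in include/linux/sched.h. The include lines lie outside every hunk, so it cannot be confirmed from here that each file pulls that header in; a file that does not would presumably compile the call as an implicit declaration and then fail at link time, since the export is removed in security/security.c. At each site the context-capability path is also limited to euid 0, which the call itself does not show; a short comment such as `/* ccap path requires euid 0, see vx_capable() */` at `mount_is_safe` would help the next reader.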
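--- linux-2.6.15.orig/fs/quota.c
+++ linux-2.6.15/fs/quota.c
@@ -83,11 +83,11 @@ static int generic_quotactl_valid(struct
 if (cmd == Q_GETQUOTA) {
 if (((type == USRQUOTA && current->euid != id) ||
 (type == GRPQUOTA && !in_egroup_p(id))) &&
- !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
+ !vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
 return -EPERM;
 }
 else if (cmd != Q_GETFMT && cmd != Q_SYNC && cmd != Q_GETINFO)
- if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
 return -EPERM;
 
 return 0;
@@ -134,10 +134,10 @@ static int xqm_quotactl_valid(struct sup
 if (cmd == Q_XGETQUOTA) {
 if (((type == XQM_USRQUOTA && current->euid != id) ||
 (type == XQM_GRPQUOTA && !in_egroup_p(id))) &&
- !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
+ !vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
 return -EPERM;
 } else if (cmd != Q_XGETQSTAT && cmd != Q_XQUOTASYNC) {
- if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL))
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
 return -EPERM;
 }
 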
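--- linux-2.6.15.orig/fs/super.c
+++ linux-2.6.15/fs/super.c
@@ -815,7 +815,7 @@ do_kern_mount(const char *fstype, int fl
 
 sb = ERR_PTR(-EPERM);
 if ((type->fs_flags & FS_BINARY_MOUNTDATA) &&
- !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_BINARY_MOUNT))
+ !vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT))
 goto out;
 
 sb = ERR_PTR(-ENOMEM);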
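--- linux-2.6.15.orig/include/linux/vs_base.h
+++ linux-2.6.15/include/linux/vs_base.h
@@ -98,6 +98,9 @@ static inline int __vx_check(xid_t cid,
 (current->vx_info && \
 (current->vx_info->vx_initpid == (n)))
 
+#define vx_capable(b,c) (capable(b) || \
+ ((current->euid == 0) && vx_ccaps(c)))
+
 
 #else
 #warning duplicate inclusion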
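Review bot: The added `vx_capable(b,c)` macro reuses the name of the function this patch removes from security/security.c and include/linux/sched.h, but the check is wider: the removed function granted only when the capability and the context capability were both held, whereas the macro grants on `capable(b)` alone, or on euid 0 plus `vx_ccaps(c)`. Any caller of the old function that is not converted in this patch (none is visible here) would silently become more permissive, so remaining users should be audited before this lands. The macro is also undocumented; I would put `/* true if capable(b), or if euid is 0 and the context holds ccap c */` above it. Unlike the removed function, the context-capability path does not set PF_SUPERPRIV, and the surrounding #if/#else block starts and ends outside the hunk.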
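--- linux-2.6.15.orig/kernel/sys.c
+++ linux-2.6.15/kernel/sys.c
@@ -1531,7 +1531,7 @@ asmlinkage long sys_sethostname(char __u
 int errno;
 char tmp[__NEW_UTS_LEN];
 
- if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SET_UTSNAME))
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SET_UTSNAME))
 return -EPERM;
 if (len < 0 || len > __NEW_UTS_LEN)
 return -EINVAL;
@@ -1580,7 +1580,7 @@ asmlinkage long sys_setdomainname(char _
 int errno;
 char tmp[__NEW_UTS_LEN];
 
- if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SET_UTSNAME))
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SET_UTSNAME))
 return -EPERM;
 if (len < 0 || len > __NEW_UTS_LEN)
 return -EINVAL;
@@ -1648,7 +1648,7 @@ asmlinkage long sys_setrlimit(unsigned i
 return -EINVAL;
 old_rlim = current->signal->rlim + resource;
 if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
- !capable(CAP_SYS_RESOURCE) && !vx_ccaps(VXC_SET_RLIMIT))
+ !vx_capable(CAP_SYS_RESOURCE, VXC_SET_RLIMIT))
 return -EPERM;
 if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > NR_OPEN)
 return -EPERM;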
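--- linux-2.6.15.orig/security/commoncap.c
+++ linux-2.6.15/security/commoncap.c
@@ -312,7 +312,7 @@ void cap_task_reparent_to_init (struct t
 int cap_syslog (int type)
 {
 if ((type != 3 && type != 10) &&
- !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SYSLOG))
+ !vx_capable(CAP_SYS_ADMIN, VXC_SYSLOG))
 return -EPERM;
 return 0;
 }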
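--- linux-2.6.15.orig/security/security.c
+++ linux-2.6.15/security/security.c
@@ -197,24 +197,10 @@ int capable(int cap)
 return 1;
 }
 
-int vx_capable(int cap, int ccap)
-{
- if (security_ops->capable(current, cap)) {
- /* capability denied */
- return 0;
- }
- if (!vx_ccaps(ccap))
- return 0;
-
- /* capability granted */
- current->flags |= PF_SUPERPRIV;
- return 1;
-}
 
 EXPORT_SYMBOL_GPL(register_security);
 EXPORT_SYMBOL_GPL(unregister_security);
 EXPORT_SYMBOL_GPL(mod_reg_security);
 EXPORT_SYMBOL_GPL(mod_unreg_security);
 EXPORT_SYMBOL(capable);
-EXPORT_SYMBOL(vx_capable);
 EXPORT_SYMBOL(security_ops);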
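--- linux-2.6.15.orig/include/linux/sched.h
+++ linux-2.6.15/include/linux/sched.h
@@ -1125,7 +1125,6 @@ static inline int sas_ss_flags(unsigned
 #ifdef CONFIG_SECURITY
 /* code is in security.c */
 extern int capable(int cap);
-extern int vx_capable(int cap, int ccap);
 #else
 static inline int capable(int cap)
 {
@@ -1137,16 +1136,6 @@ static inline int capable(int cap)
 }
 return 0;
 }
-
-static inline int vx_capable(int cap, int ccap)
-{
- if (cap_raised(current->cap_effective, cap) &&
- vx_ccaps(ccap)) {
- current->flags |= PF_SUPERPRIV;
- return 1;
- }
- return 0;
-}
 #endif
 
 /*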
