
Diff of /trunk/1.6.x/ccs-patch/fs/sakura_chroot.c


revision 1260 by kumaneko, Thu Jun 5 07:18:45 2008 UTC revision 1778 by kumaneko, Tue Nov 4 04:30:02 2008 UTC
# Line 5  Line 5 
5   *   *
6   * Copyright (C) 2005-2008  NTT DATA CORPORATION   * Copyright (C) 2005-2008  NTT DATA CORPORATION
7   *   *
8   * Version: 1.6.1   2008/06/05   * Version: 1.6.5-pre   2008/11/04
9   *   *
10   * This file is applicable to both 2.4.30 and 2.6.11 and later.   * This file is applicable to both 2.4.30 and 2.6.11 and later.
11   * See README.ccs for ChangeLog.   * See README.ccs for ChangeLog.
# Line 79  static int update_chroot_acl(const char Line 79  static int update_chroot_acl(const char
79  /**  /**
80   * print_error - Print error message.   * print_error - Print error message.
81   *   *
82     * @r:         Pointer to "struct ccs_request_info".
83   * @root_name: Requested directory name.   * @root_name: Requested directory name.
  * @mode:      Access control mode.  
84   *   *
85   * Returns 0 if @mode is not enforcing mode or permitted by the administrator's   * Returns 0 if @r->mode is not enforcing mode or permitted by the
86   * decision, negative value otherwise.   * administrator's decision, negative value otherwise.
87   */   */
88  static int print_error(const char *root_name, const u8 mode)  static int print_error(struct ccs_request_info *r, const char *root_name)
89  {  {
90          int error;          int error;
91          const bool is_enforce = (mode == 3);          const bool is_enforce = (r->mode == 3);
92          const char *exename = ccs_get_exe();          const char *exename = ccs_get_exe();
93          printk(KERN_WARNING "SAKURA-%s: chroot %s (pid=%d:exe=%s): "          printk(KERN_WARNING "SAKURA-%s: chroot %s (pid=%d:exe=%s): "
94                 "Permission denied.\n", ccs_get_msg(is_enforce),                 "Permission denied.\n", ccs_get_msg(is_enforce),
95                 root_name, current->pid, exename);                 root_name, (pid_t) sys_getpid(), exename);
96          if (is_enforce)          if (is_enforce)
97                  error = ccs_check_supervisor(NULL, "# %s is requesting\n"                  error = ccs_check_supervisor(r,
98                                               "chroot %s\n", exename, root_name);                                               "# %s is requesting\nchroot %s\n",
99                                                 exename, root_name);
100          else          else
101                  error = 0;                  error = 0;
102          if (exename)          if (exename)
103                  ccs_free(exename);                  ccs_free(exename);
104          if (mode == 1 && root_name)          if (r->mode == 1 && root_name)
105                  update_chroot_acl(root_name, false);                  update_chroot_acl(root_name, false);
106          return error;          return error;
107  }  }
108    
109    #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
110    #define PATH_or_NAMEIDATA path
111    #else
112    #define PATH_or_NAMEIDATA nameidata
113    #endif
114  /**  /**
115   * ccs_check_chroot_permission - Check permission for chroot().   * ccs_check_chroot_permission - Check permission for chroot().
116   *   *
117   * @nd: Pointer to "struct nameidata".   * @path: Pointer to "struct path" (for 2.6.27 and later).
118     *        Pointer to "struct nameidata" (for 2.6.26 and earlier).
119   *   *
120   * Returns 0 on success, negative value otherwise.   * Returns 0 on success, negative value otherwise.
121   */   */
122  int ccs_check_chroot_permission(struct nameidata *nd)  int ccs_check_chroot_permission(struct PATH_or_NAMEIDATA *path)
123  {  {
124          int error = -EPERM;          struct ccs_request_info r;
125            int error;
126          char *root_name;          char *root_name;
127          const u8 mode = ccs_check_flags(CCS_SAKURA_RESTRICT_CHROOT);          if (!ccs_can_sleep())
         if (!mode)  
128                  return 0;                  return 0;
129  #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 25)          ccs_init_request_info(&r, NULL, CCS_SAKURA_RESTRICT_CHROOT);
130          root_name = ccs_realpath_from_dentry(nd->path.dentry, nd->path.mnt);          if (!r.mode)
131                    return 0;
132     retry:
133            error = -EPERM;
134    #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 25) && LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 26)
135            root_name = ccs_realpath_from_dentry(path->path.dentry, path->path.mnt);
136  #else  #else
137          root_name = ccs_realpath_from_dentry(nd->dentry, nd->mnt);          root_name = ccs_realpath_from_dentry(path->dentry, path->mnt);
138  #endif  #endif
139          if (root_name) {          if (root_name) {
140                  struct path_info dir;                  struct path_info dir;
# Line 141  int ccs_check_chroot_permission(struct n Line 153  int ccs_check_chroot_permission(struct n
153                  }                  }
154          }          }
155          if (error)          if (error)
156                  error = print_error(root_name, mode);                  error = print_error(&r, root_name);
157          ccs_free(root_name);          ccs_free(root_name);
158            if (error == 1) {
159                    r.retry++;
160                    goto retry;
161            }
162          return error;          return error;
163  }  }
164    
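Review bot: The new `if (!ccs_can_sleep()) return 0;` guard at the top of ccs_check_chroot_permission() returns the "permitted" value before `r.mode` is read, so whenever ccs_can_sleep() is false the chroot restriction is skipped, enforcing mode included. What ccs_can_sleep() tests is not visible on this page; if chroot() can only reach this function from sleepable process context, a comment such as `/* Fail open: chroot() is expected to run only in sleepable process context. */` would record that assumption, and if it cannot be guaranteed, failing closed would be the safer default for a restriction check. In the same hunk the kernel-doc for print_error() still says it returns 0 or a negative value, while the caller now tests `error == 1` to bump `r.retry` and jump back to `retry:`, so the comment should also document the retry value. The part of ccs_check_chroot_permission() between lines 140 and 153 lies outside the hunks shown here.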
