Diff of /trunk/1.6.x/ccs-patch/fs/sakura_chroot.c


trunk/ccs-patch/fs/sakura_chroot.c revision 240 by kumaneko, Fri May 25 12:57:26 2007 UTC trunk/1.5.x/ccs-patch/fs/sakura_chroot.c revision 731 by kumaneko, Tue Nov 27 04:48:59 2007 UTC
# Line 5  Line 5 
5   *   *
6   * Copyright (C) 2005-2007  NTT DATA CORPORATION   * Copyright (C) 2005-2007  NTT DATA CORPORATION
7   *   *
8   * Version: 1.4.1-rc2   2007/05/25   * Version: 1.5.2-pre   2007/11/27
9   *   *
10   * This file is applicable to both 2.4.30 and 2.6.11 and later.   * This file is applicable to both 2.4.30 and 2.6.11 and later.
11   * See README.ccs for ChangeLog.   * See README.ccs for ChangeLog.
# Line 27  extern const char *ccs_log_level; Line 27  extern const char *ccs_log_level;
27  /***** The structure for chroot restrictions. *****/  /***** The structure for chroot restrictions. *****/
28    
29  struct chroot_entry {  struct chroot_entry {
30          struct chroot_entry *next;          struct list1_head list;
31          const struct path_info *dir;          const struct path_info *dir;
32          int is_deleted;          bool is_deleted;
33  };  };
34    
35  /*************************  CHROOT RESTRICTION HANDLER  *************************/  /*************************  CHROOT RESTRICTION HANDLER  *************************/
36    
37  static struct chroot_entry *chroot_list = NULL;  static LIST1_HEAD(chroot_list);
38    
39  static int AddChrootACL(const char *dir, const int is_delete)  static int AddChrootACL(const char *dir, const bool is_delete)
40  {  {
41          struct chroot_entry *new_entry, *ptr;          struct chroot_entry *new_entry, *ptr;
42          const struct path_info *saved_dir;          const struct path_info *saved_dir;
43          static DECLARE_MUTEX(lock);          static DEFINE_MUTEX(lock);
44          int error = -ENOMEM;          int error = -ENOMEM;
45          if (!IsCorrectPath(dir, 1, 0, 1, __FUNCTION__)) return -EINVAL;          if (!IsCorrectPath(dir, 1, 0, 1, __FUNCTION__)) return -EINVAL;
46          if ((saved_dir = SaveName(dir)) == NULL) return -ENOMEM;          if ((saved_dir = SaveName(dir)) == NULL) return -ENOMEM;
47          down(&lock);          mutex_lock(&lock);
48          for (ptr = chroot_list; ptr; ptr = ptr->next) {          list1_for_each_entry(ptr, &chroot_list, list) {
49                  if (ptr->dir == saved_dir) {                  if (ptr->dir == saved_dir) {
50                          ptr->is_deleted = is_delete;                          ptr->is_deleted = is_delete;
51                          error = 0;                          error = 0;
# Line 58  static int AddChrootACL(const char *dir, Line 58  static int AddChrootACL(const char *dir,
58          }          }
59          if ((new_entry = alloc_element(sizeof(*new_entry))) == NULL) goto out;          if ((new_entry = alloc_element(sizeof(*new_entry))) == NULL) goto out;
60          new_entry->dir = saved_dir;          new_entry->dir = saved_dir;
61          mb(); /* Instead of using spinlock. */          list1_add_tail_mb(&new_entry->list, &chroot_list);
         if ((ptr = chroot_list) != NULL) {  
                 while (ptr->next) ptr = ptr->next; ptr->next = new_entry;  
         } else {  
                 chroot_list = new_entry;  
         }  
62          error = 0;          error = 0;
63          printk("%sAllow chroot() to %s\n", ccs_log_level, dir);          printk("%sAllow chroot() to %s\n", ccs_log_level, dir);
64   out:   out:
65          up(&lock);          mutex_unlock(&lock);
66          return error;          return error;
67  }  }
68    
# Line 83  int CheckChRootPermission(struct nameida Line 78  int CheckChRootPermission(struct nameida
78                  fill_path_info(&dir);                  fill_path_info(&dir);
79                  if (dir.is_dir) {                  if (dir.is_dir) {
80                          struct chroot_entry *ptr;                          struct chroot_entry *ptr;
81                          for (ptr = chroot_list; ptr; ptr = ptr->next) {                          list1_for_each_entry(ptr, &chroot_list, list) {
82                                  if (ptr->is_deleted) continue;                                  if (ptr->is_deleted) continue;
83                                  if (PathMatchesToPattern(&dir, ptr->dir)) {                                  if (PathMatchesToPattern(&dir, ptr->dir)) {
84                                          error = 0;                                          error = 0;
# Line 93  int CheckChRootPermission(struct nameida Line 88  int CheckChRootPermission(struct nameida
88                  }                  }
89          }          }
90          if (error) {          if (error) {
91                  const int is_enforce = CheckCCSEnforce(CCS_SAKURA_RESTRICT_CHROOT);                  const bool is_enforce = CheckCCSEnforce(CCS_SAKURA_RESTRICT_CHROOT);
92                  const char *exename = GetEXE();                  const char *exename = GetEXE();
93                  printk("SAKURA-%s: chroot %s (pid=%d:exe=%s): Permission denied.\n", GetMSG(is_enforce), root_name, current->pid, exename);                  printk("SAKURA-%s: chroot %s (pid=%d:exe=%s): Permission denied.\n", GetMSG(is_enforce), root_name, current->pid, exename);
94                  if (is_enforce && CheckSupervisor("# %s is requesting\nchroot %s\n", exename, root_name) == 0) error = 0;                  if (is_enforce && CheckSupervisor("# %s is requesting\nchroot %s\n", exename, root_name) == 0) error = 0;
95                  if (exename) ccs_free(exename);                  if (exename) ccs_free(exename);
96                  if (!is_enforce && CheckCCSAccept(CCS_SAKURA_RESTRICT_CHROOT) && root_name) {                  if (!is_enforce && CheckCCSAccept(CCS_SAKURA_RESTRICT_CHROOT, NULL) && root_name) {
97                          AddChrootACL(root_name, 0);                          AddChrootACL(root_name, 0);
98                          UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY);                          UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY);
99                  }                  }
# Line 109  int CheckChRootPermission(struct nameida Line 104  int CheckChRootPermission(struct nameida
104  }  }
105  EXPORT_SYMBOL(CheckChRootPermission);  EXPORT_SYMBOL(CheckChRootPermission);
106    
107  int AddChrootPolicy(char *data, const int is_delete)  int AddChrootPolicy(char *data, const bool is_delete)
108  {  {
109          return AddChrootACL(data, is_delete);          return AddChrootACL(data, is_delete);
110  }  }
111    
112  int ReadChrootPolicy(struct io_buffer *head)  int ReadChrootPolicy(struct io_buffer *head)
113  {  {
114          struct chroot_entry *ptr = head->read_var2;          struct list1_head *pos;
115          if (!ptr) ptr = chroot_list;          list1_for_each_cookie(pos, head->read_var2, &chroot_list) {
116          while (ptr) {                  struct chroot_entry *ptr;
117                  head->read_var2 = ptr;                  ptr = list1_entry(pos, struct chroot_entry, list);
118                  if (ptr->is_deleted == 0 && io_printf(head, KEYWORD_ALLOW_CHROOT "%s\n", ptr->dir->name)) break;                  if (ptr->is_deleted) continue;
119                  ptr = ptr->next;                  if (io_printf(head, KEYWORD_ALLOW_CHROOT "%s\n", ptr->dir->name)) return -ENOMEM;
120          }          }
121          return ptr ? -ENOMEM : 0;          return 0;
122  }  }
123    
124  /***** SAKURA Linux end. *****/  /***** SAKURA Linux end. *****/
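Review bot: The rationale comment `/* Instead of using spinlock. */` that accompanied the old `mb()` in AddChrootACL did not survive the switch to `list1_add_tail_mb(&new_entry->list, &chroot_list);`, so the new line no longer says why a barrier-publishing append is used rather than a plain add; I would restore it as `/* Barrier on append: CheckChRootPermission walks chroot_list without taking lock, and entries are only appended and flagged via is_deleted, never unlinked. */` (the unlinking claim matches the visible code, where the only update to an existing entry is `ptr->is_deleted = is_delete`, but the hidden Line 52–57 span of AddChrootACL should be checked). The reader side in CheckChRootPermission, whose start and end lie outside this hunk, shows the `list1_for_each_entry` traversal with no lock acquisition in view, so the comment on the writer is the only place that invariant would be recorded. As a point of style, now that `is_delete` is `const bool`, the learning-mode call `AddChrootACL(root_name, 0);` reads better as `AddChrootACL(root_name, false);`.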
