Diff of /trunk/1.6.x/ccs-patch/fs/sakura_chroot.c

TOMOYO

 Subversion リポジトリの参照



/[tomoyo]/trunk/1.6.x/ccs-patch/fs/sakura_chroot.c




Diff of /trunk/1.6.x/ccs-patch/fs/sakura_chroot.c



 Parent Directory

|  Revision Log



|  Patch














revision 808 by kumaneko,
Mon Dec 17 04:06:21 2007 UTC




revision 815 by kumaneko,
Tue Dec 18 07:13:08 2007 UTC






#

Line 5 



Line 5 













5
  *
  *

















6
  * Copyright (C) 2005-2007  NTT DATA CORPORATION
  * Copyright (C) 2005-2007  NTT DATA CORPORATION

















7
  *
  *















8


  * Version: 1.5.3-pre   2007/12/17


  * Version: 1.5.3-pre   2007/12/18















9
  *
  *

















10
  * This file is applicable to both 2.4.30 and 2.6.11 and later.
  * This file is applicable to both 2.4.30 and 2.6.11 and later.

















11
  * See README.ccs for ChangeLog.
  * See README.ccs for ChangeLog.











#

Line 70 
 int CheckChRootPermission(struct nameida


Line 70 
 int CheckChRootPermission(struct nameida












70
 {
 {

















71
         int error = -EPERM;
         int error = -EPERM;

















72
         char *root_name;
         char *root_name;















73


         if (!CheckCCSFlags(CCS_SAKURA_RESTRICT_CHROOT)) return 0;


         const unsigned int mode = CheckCCSFlags(CCS_SAKURA_RESTRICT_CHROOT); 













74


 


         if (!mode) return 0;















75
         root_name = realpath_from_dentry(nd->dentry, nd->mnt);
         root_name = realpath_from_dentry(nd->dentry, nd->mnt);

















76
         if (root_name) {
         if (root_name) {

















77
                 struct path_info dir;
                 struct path_info dir;











#

Line 88 
 int CheckChRootPermission(struct nameida


Line 89 
 int CheckChRootPermission(struct nameida












89
                 }
                 }

















90
         }
         }

















91
         if (error) {
         if (error) {















92


                 const bool is_enforce = CheckCCSEnforce(CCS_SAKURA_RESTRICT_CHROOT);


                 const bool is_enforce = (mode == 3);















93
                 const char *exename = GetEXE();
                 const char *exename = GetEXE();

















94
                 printk("SAKURA-%s: chroot %s (pid=%d:exe=%s): Permission denied.\n", GetMSG(is_enforce), root_name, current->pid, exename);
                 printk("SAKURA-%s: chroot %s (pid=%d:exe=%s): Permission denied.\n", GetMSG(is_enforce), root_name, current->pid, exename);

















95
                 if (is_enforce && CheckSupervisor("# %s is requesting\nchroot %s\n", exename, root_name) == 0) error = 0;
                 if (is_enforce && CheckSupervisor("# %s is requesting\nchroot %s\n", exename, root_name) == 0) error = 0;

















96
                 if (exename) ccs_free(exename);
                 if (exename) ccs_free(exename);















97


                 if (!is_enforce && CheckCCSAccept(CCS_SAKURA_RESTRICT_CHROOT, NULL) && root_name) {


                 if (mode == 1 && root_name) {















98
                         AddChrootACL(root_name, 0);
                         AddChrootACL(root_name, 0);

















99
                         UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY);
                         UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY);

















100
                 }
                 }





























Legend:



Removed from v.808
 


changed lines


 
Added in v.815













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.6.x/ccs-patch/fs/sakura_chroot.c
-revision 808 by kumaneko,
Mon Dec 17 04:06:21 2007 UTC
+revision 815 by kumaneko,
Tue Dec 18 07:13:08 2007 UTC
 Line 5
   *
   * Copyright (C) 2005-2007  NTT DATA CORPORATION
   *
-  * Version: 1.5.3-pre   2007/12/17
+  * Version: 1.5.3-pre   2007/12/18
   *
   * This file is applicable to both 2.4.30 and 2.6.11 and later.
   * See README.ccs for ChangeLog.
 Line 70 
 int CheckChRootPermission(struct nameida
  {
          int error = -EPERM;
          char *root_name;
-         if (!CheckCCSFlags(CCS_SAKURA_RESTRICT_CHROOT)) return 0;
+         const unsigned int mode = CheckCCSFlags(CCS_SAKURA_RESTRICT_CHROOT);
+         if (!mode) return 0;
          root_name = realpath_from_dentry(nd->dentry, nd->mnt);
          if (root_name) {
                  struct path_info dir;
-Line 88 
 int CheckChRootPermission(struct nameida
+Line 89 
 int CheckChRootPermission(struct nameida
                  }
          }
          if (error) {
-                 const bool is_enforce = CheckCCSEnforce(CCS_SAKURA_RESTRICT_CHROOT);
+                 const bool is_enforce = (mode == 3);
                  const char *exename = GetEXE();
                  printk("SAKURA-%s: chroot %s (pid=%d:exe=%s): Permission denied.\n", GetMSG(is_enforce), root_name, current->pid, exename);
                  if (is_enforce && CheckSupervisor("# %s is requesting\nchroot %s\n", exename, root_name) == 0) error = 0;
                  if (exename) ccs_free(exename);
-                 if (!is_enforce && CheckCCSAccept(CCS_SAKURA_RESTRICT_CHROOT, NULL) && root_name) {
+                 if (mode == 1 && root_name) {
                          AddChrootACL(root_name, 0);
                          UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY);
                  }
 Legend:



Removed from v.808
 


changed lines


 
Added in v.815
 Legend:



Removed from v.808
 


changed lines


 
Added in v.815
-Removed from v.808
+Added in v.815
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照