5 |
* |
* |
6 |
* Copyright (C) 2005-2007 NTT DATA CORPORATION |
* Copyright (C) 2005-2007 NTT DATA CORPORATION |
7 |
* |
* |
8 |
* Version: 1.5.3-pre 2007/12/17 |
* Version: 1.5.3-pre 2007/12/18 |
9 |
* |
* |
10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
70 |
{ |
{ |
71 |
int error = -EPERM; |
int error = -EPERM; |
72 |
char *root_name; |
char *root_name; |
73 |
if (!CheckCCSFlags(CCS_SAKURA_RESTRICT_CHROOT)) return 0; |
const unsigned int mode = CheckCCSFlags(CCS_SAKURA_RESTRICT_CHROOT); |
74 |
|
if (!mode) return 0; |
75 |
root_name = realpath_from_dentry(nd->dentry, nd->mnt); |
root_name = realpath_from_dentry(nd->dentry, nd->mnt); |
76 |
if (root_name) { |
if (root_name) { |
77 |
struct path_info dir; |
struct path_info dir; |
89 |
} |
} |
90 |
} |
} |
91 |
if (error) { |
if (error) { |
92 |
const bool is_enforce = CheckCCSEnforce(CCS_SAKURA_RESTRICT_CHROOT); |
const bool is_enforce = (mode == 3); |
93 |
const char *exename = GetEXE(); |
const char *exename = GetEXE(); |
94 |
printk("SAKURA-%s: chroot %s (pid=%d:exe=%s): Permission denied.\n", GetMSG(is_enforce), root_name, current->pid, exename); |
printk("SAKURA-%s: chroot %s (pid=%d:exe=%s): Permission denied.\n", GetMSG(is_enforce), root_name, current->pid, exename); |
95 |
if (is_enforce && CheckSupervisor("# %s is requesting\nchroot %s\n", exename, root_name) == 0) error = 0; |
if (is_enforce && CheckSupervisor("# %s is requesting\nchroot %s\n", exename, root_name) == 0) error = 0; |
96 |
if (exename) ccs_free(exename); |
if (exename) ccs_free(exename); |
97 |
if (!is_enforce && CheckCCSAccept(CCS_SAKURA_RESTRICT_CHROOT, NULL) && root_name) { |
if (mode == 1 && root_name) { |
98 |
AddChrootACL(root_name, 0); |
AddChrootACL(root_name, 0); |
99 |
UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY); |
UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY); |
100 |
} |
} |