オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.6.x/ccs-patch/fs/sakura_chroot.c

Contents of /trunk/1.6.x/ccs-patch/fs/sakura_chroot.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 708 - (show annotations) (download) (as text)
Mon Nov 19 08:44:45 2007 UTC (16 years, 6 months ago) by kumaneko
Original Path: trunk/1.5.x/ccs-patch/fs/sakura_chroot.c
File MIME type: text/x-csrc
File size: 3285 byte(s) 
Use "struct list_head". Not tested.
1 /*
2 * fs/sakura_chroot.c
3 *
4 * Implementation of the Domain-Free Mandatory Access Control.
5 *
6 * Copyright (C) 2005-2007 NTT DATA CORPORATION
7 *
8 * Version: 1.5.2-pre 2007/11/19
9 *
10 * This file is applicable to both 2.4.30 and 2.6.11 and later.
11 * See README.ccs for ChangeLog.
12 *
13 */
14 /***** SAKURA Linux start. *****/
15
16 #include <linux/ccs_common.h>
17 #include <linux/sakura.h>
18 #include <linux/realpath.h>
19 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
20 #include <linux/namei.h>
21 #else
22 #include <linux/fs.h>
23 #endif
24
25 extern const char *ccs_log_level;
26
27 /***** The structure for chroot restrictions. *****/
28
29 struct chroot_entry {
30 struct list_head list;
31 const struct path_info *dir;
32 bool is_deleted;
33 };
34
35 /************************* CHROOT RESTRICTION HANDLER *************************/
36
37 static LIST_HEAD(chroot_list);
38
39 static int AddChrootACL(const char *dir, const bool is_delete)
40 {
41 struct chroot_entry *new_entry, *ptr;
42 const struct path_info *saved_dir;
43 static DEFINE_MUTEX(lock);
44 int error = -ENOMEM;
45 if (!IsCorrectPath(dir, 1, 0, 1, __FUNCTION__)) return -EINVAL;
46 if ((saved_dir = SaveName(dir)) == NULL) return -ENOMEM;
47 mutex_lock(&lock);
48 list_for_each_entry(ptr, &chroot_list, list) {
49 if (ptr->dir == saved_dir) {
50 ptr->is_deleted = is_delete;
51 error = 0;
52 goto out;
53 }
54 }
55 if (is_delete) {
56 error = -ENOENT;
57 goto out;
58 }
59 if ((new_entry = alloc_element(sizeof(*new_entry))) == NULL) goto out;
60 new_entry->dir = saved_dir;
61 list_add_tail_mb(&new_entry->list, &chroot_list);
62 error = 0;
63 printk("%sAllow chroot() to %s\n", ccs_log_level, dir);
64 out:
65 mutex_unlock(&lock);
66 return error;
67 }
68
69 int CheckChRootPermission(struct nameidata *nd)
70 {
71 int error = -EPERM;
72 char *root_name;
73 if (!CheckCCSFlags(CCS_SAKURA_RESTRICT_CHROOT)) return 0;
74 root_name = realpath_from_dentry(nd->dentry, nd->mnt);
75 if (root_name) {
76 struct path_info dir;
77 dir.name = root_name;
78 fill_path_info(&dir);
79 if (dir.is_dir) {
80 struct chroot_entry *ptr;
81 list_for_each_entry(ptr, &chroot_list, list) {
82 if (ptr->is_deleted) continue;
83 if (PathMatchesToPattern(&dir, ptr->dir)) {
84 error = 0;
85 break;
86 }
87 }
88 }
89 }
90 if (error) {
91 const bool is_enforce = CheckCCSEnforce(CCS_SAKURA_RESTRICT_CHROOT);
92 const char *exename = GetEXE();
93 printk("SAKURA-%s: chroot %s (pid=%d:exe=%s): Permission denied.\n", GetMSG(is_enforce), root_name, current->pid, exename);
94 if (is_enforce && CheckSupervisor("# %s is requesting\nchroot %s\n", exename, root_name) == 0) error = 0;
95 if (exename) ccs_free(exename);
96 if (!is_enforce && CheckCCSAccept(CCS_SAKURA_RESTRICT_CHROOT, NULL) && root_name) {
97 AddChrootACL(root_name, 0);
98 UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY);
99 }
100 if (!is_enforce) error = 0;
101 }
102 ccs_free(root_name);
103 return error;
104 }
105 EXPORT_SYMBOL(CheckChRootPermission);
106
107 int AddChrootPolicy(char *data, const bool is_delete)
108 {
109 return AddChrootACL(data, is_delete);
110 }
111
112 int ReadChrootPolicy(struct io_buffer *head)
113 {
114 struct list_head *pos;
115 list_for_each_cookie(pos, head->read_var2, &chroot_list) {
116 struct chroot_entry *ptr;
117 ptr = list_entry(pos, struct chroot_entry, list);
118 if (ptr->is_deleted) continue;
119 if (io_printf(head, KEYWORD_ALLOW_CHROOT "%s\n", ptr->dir->name)) return -ENOMEM;
120 }
121 return 0;
122 }
123
124 /***** SAKURA Linux end. *****/
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ