diff options
author | Philipp Reisner <philipp.reisner@linbit.com> | 2009-10-06 03:30:14 -0400 |
---|---|---|
committer | Jens Axboe <jens.axboe@oracle.com> | 2009-10-06 03:30:14 -0400 |
commit | 9f5180e5c331d7b3ccc35e1a78072235d38f9f34 (patch) | |
tree | d4d116f9bee360007c15b50fee86bf3a27566102 | |
parent | 25d2d4edfa509b69fe4832094b8a07e634363ba3 (diff) |
drbd: Work on permission enforcement
Now we have the capabilities of the sending process available,
use them to enforce CAP_SYS_ADMIN.
Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-rw-r--r-- | drivers/block/drbd/drbd_nl.c | 7 | ||||
-rw-r--r-- | include/linux/drbd.h | 1 |
2 files changed, 7 insertions, 1 deletions
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c index 73c55ccb629a..22538d9628f1 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c | |||
@@ -2000,7 +2000,7 @@ static struct cn_handler_struct cnd_table[] = { | |||
2000 | [ P_new_c_uuid ] = { &drbd_nl_new_c_uuid, 0 }, | 2000 | [ P_new_c_uuid ] = { &drbd_nl_new_c_uuid, 0 }, |
2001 | }; | 2001 | }; |
2002 | 2002 | ||
2003 | static void drbd_connector_callback(struct cn_msg *req) | 2003 | static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms *nsp) |
2004 | { | 2004 | { |
2005 | struct drbd_nl_cfg_req *nlp = (struct drbd_nl_cfg_req *)req->data; | 2005 | struct drbd_nl_cfg_req *nlp = (struct drbd_nl_cfg_req *)req->data; |
2006 | struct cn_handler_struct *cm; | 2006 | struct cn_handler_struct *cm; |
@@ -2017,6 +2017,11 @@ static void drbd_connector_callback(struct cn_msg *req) | |||
2017 | return; | 2017 | return; |
2018 | } | 2018 | } |
2019 | 2019 | ||
2020 | if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) { | ||
2021 | retcode = ERR_PERM; | ||
2022 | goto fail; | ||
2023 | } | ||
2024 | |||
2020 | mdev = ensure_mdev(nlp); | 2025 | mdev = ensure_mdev(nlp); |
2021 | if (!mdev) { | 2026 | if (!mdev) { |
2022 | retcode = ERR_MINOR_INVALID; | 2027 | retcode = ERR_MINOR_INVALID; |
diff --git a/include/linux/drbd.h b/include/linux/drbd.h index 69dc711f37b3..233db5c18b86 100644 --- a/include/linux/drbd.h +++ b/include/linux/drbd.h | |||
@@ -138,6 +138,7 @@ enum drbd_ret_codes { | |||
138 | ERR_VERIFY_RUNNING = 149, /* DRBD 8.2 only */ | 138 | ERR_VERIFY_RUNNING = 149, /* DRBD 8.2 only */ |
139 | ERR_DATA_NOT_CURRENT = 150, | 139 | ERR_DATA_NOT_CURRENT = 150, |
140 | ERR_CONNECTED = 151, /* DRBD 8.3 only */ | 140 | ERR_CONNECTED = 151, /* DRBD 8.3 only */ |
141 | ERR_PERM = 152, | ||
141 | 142 | ||
142 | /* insert new ones above this line */ | 143 | /* insert new ones above this line */ |
143 | AFTER_LAST_ERR_CODE | 144 | AFTER_LAST_ERR_CODE |