diff options
author | Philipp Reisner <philipp.reisner@linbit.com> | 2009-10-06 03:30:14 -0400 |
---|---|---|
committer | Jens Axboe <jens.axboe@oracle.com> | 2009-10-06 03:30:14 -0400 |
commit | 9f5180e5c331d7b3ccc35e1a78072235d38f9f34 (patch) | |
tree | d4d116f9bee360007c15b50fee86bf3a27566102 /drivers | |
parent | 25d2d4edfa509b69fe4832094b8a07e634363ba3 (diff) |
drbd: Work on permission enforcement
Now we have the capabilities of the sending process available,
use them to enforce CAP_SYS_ADMIN.
Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/block/drbd/drbd_nl.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c index 73c55ccb629a..22538d9628f1 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c | |||
@@ -2000,7 +2000,7 @@ static struct cn_handler_struct cnd_table[] = { | |||
2000 | [ P_new_c_uuid ] = { &drbd_nl_new_c_uuid, 0 }, | 2000 | [ P_new_c_uuid ] = { &drbd_nl_new_c_uuid, 0 }, |
2001 | }; | 2001 | }; |
2002 | 2002 | ||
2003 | static void drbd_connector_callback(struct cn_msg *req) | 2003 | static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms *nsp) |
2004 | { | 2004 | { |
2005 | struct drbd_nl_cfg_req *nlp = (struct drbd_nl_cfg_req *)req->data; | 2005 | struct drbd_nl_cfg_req *nlp = (struct drbd_nl_cfg_req *)req->data; |
2006 | struct cn_handler_struct *cm; | 2006 | struct cn_handler_struct *cm; |
@@ -2017,6 +2017,11 @@ static void drbd_connector_callback(struct cn_msg *req) | |||
2017 | return; | 2017 | return; |
2018 | } | 2018 | } |
2019 | 2019 | ||
2020 | if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) { | ||
2021 | retcode = ERR_PERM; | ||
2022 | goto fail; | ||
2023 | } | ||
2024 | |||
2020 | mdev = ensure_mdev(nlp); | 2025 | mdev = ensure_mdev(nlp); |
2021 | if (!mdev) { | 2026 | if (!mdev) { |
2022 | retcode = ERR_MINOR_INVALID; | 2027 | retcode = ERR_MINOR_INVALID; |