diff options
Diffstat (limited to 'ipc/shm.c')
| -rw-r--r-- | ipc/shm.c | 21 |
1 files changed, 18 insertions, 3 deletions
| @@ -13,6 +13,8 @@ | |||
| 13 | * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com> | 13 | * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com> |
| 14 | * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com> | 14 | * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com> |
| 15 | * | 15 | * |
| 16 | * support for audit of ipc object properties and permission changes | ||
| 17 | * Dustin Kirkland <dustin.kirkland@us.ibm.com> | ||
| 16 | */ | 18 | */ |
| 17 | 19 | ||
| 18 | #include <linux/config.h> | 20 | #include <linux/config.h> |
| @@ -162,6 +164,8 @@ static int shm_mmap(struct file * file, struct vm_area_struct * vma) | |||
| 162 | ret = shmem_mmap(file, vma); | 164 | ret = shmem_mmap(file, vma); |
| 163 | if (ret == 0) { | 165 | if (ret == 0) { |
| 164 | vma->vm_ops = &shm_vm_ops; | 166 | vma->vm_ops = &shm_vm_ops; |
| 167 | if (!(vma->vm_flags & VM_WRITE)) | ||
| 168 | vma->vm_flags &= ~VM_MAYWRITE; | ||
| 165 | shm_inc(file->f_dentry->d_inode->i_ino); | 169 | shm_inc(file->f_dentry->d_inode->i_ino); |
| 166 | } | 170 | } |
| 167 | 171 | ||
| @@ -540,6 +544,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
| 540 | if(err) | 544 | if(err) |
| 541 | goto out_unlock; | 545 | goto out_unlock; |
| 542 | 546 | ||
| 547 | err = audit_ipc_obj(&(shp->shm_perm)); | ||
| 548 | if (err) | ||
| 549 | goto out_unlock; | ||
| 550 | |||
| 543 | if (!capable(CAP_IPC_LOCK)) { | 551 | if (!capable(CAP_IPC_LOCK)) { |
| 544 | err = -EPERM; | 552 | err = -EPERM; |
| 545 | if (current->euid != shp->shm_perm.uid && | 553 | if (current->euid != shp->shm_perm.uid && |
| @@ -592,6 +600,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
| 592 | if(err) | 600 | if(err) |
| 593 | goto out_unlock_up; | 601 | goto out_unlock_up; |
| 594 | 602 | ||
| 603 | err = audit_ipc_obj(&(shp->shm_perm)); | ||
| 604 | if (err) | ||
| 605 | goto out_unlock_up; | ||
| 606 | |||
| 595 | if (current->euid != shp->shm_perm.uid && | 607 | if (current->euid != shp->shm_perm.uid && |
| 596 | current->euid != shp->shm_perm.cuid && | 608 | current->euid != shp->shm_perm.cuid && |
| 597 | !capable(CAP_SYS_ADMIN)) { | 609 | !capable(CAP_SYS_ADMIN)) { |
| @@ -625,12 +637,15 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
| 625 | err=-EINVAL; | 637 | err=-EINVAL; |
| 626 | if(shp==NULL) | 638 | if(shp==NULL) |
| 627 | goto out_up; | 639 | goto out_up; |
| 628 | if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, | ||
| 629 | setbuf.mode, &(shp->shm_perm)))) | ||
| 630 | goto out_unlock_up; | ||
| 631 | err = shm_checkid(shp,shmid); | 640 | err = shm_checkid(shp,shmid); |
| 632 | if(err) | 641 | if(err) |
| 633 | goto out_unlock_up; | 642 | goto out_unlock_up; |
| 643 | err = audit_ipc_obj(&(shp->shm_perm)); | ||
| 644 | if (err) | ||
| 645 | goto out_unlock_up; | ||
| 646 | err = audit_ipc_set_perm(0, setbuf.uid, setbuf.gid, setbuf.mode, &(shp->shm_perm)); | ||
| 647 | if (err) | ||
| 648 | goto out_unlock_up; | ||
| 634 | err=-EPERM; | 649 | err=-EPERM; |
| 635 | if (current->euid != shp->shm_perm.uid && | 650 | if (current->euid != shp->shm_perm.uid && |
| 636 | current->euid != shp->shm_perm.cuid && | 651 | current->euid != shp->shm_perm.cuid && |