git://ftp.safe.ca
/
safe
/
jmp
/
linux-2.6
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
sched: Kill the broken and deadlockable cpuset_lock/cpuset_cpus_allowed_locked code
[safe/jmp/linux-2.6]
/
security
/
device_cgroup.c
diff --git
a/security/device_cgroup.c
b/security/device_cgroup.c
index
5fda7df
..
6cf8fd2
100644
(file)
--- a/
security/device_cgroup.c
+++ b/
security/device_cgroup.c
@@
-61,7
+61,8
@@
static inline struct dev_cgroup *task_devcgroup(struct task_struct *task)
struct cgroup_subsys devices_subsys;
static int devcgroup_can_attach(struct cgroup_subsys *ss,
struct cgroup_subsys devices_subsys;
static int devcgroup_can_attach(struct cgroup_subsys *ss,
- struct cgroup *new_cgroup, struct task_struct *task)
+ struct cgroup *new_cgroup, struct task_struct *task,
+ bool threadgroup)
{
if (current != task && !capable(CAP_SYS_ADMIN))
return -EPERM;
{
if (current != task && !capable(CAP_SYS_ADMIN))
return -EPERM;
@@
-490,7
+491,7
@@
int devcgroup_inode_permission(struct inode *inode, int mask)
list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
if (wh->type & DEV_ALL)
list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
if (wh->type & DEV_ALL)
- goto
acc_check
;
+ goto
found
;
if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))
continue;
if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))
if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))
continue;
if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))
@@
-499,11
+500,12
@@
int devcgroup_inode_permission(struct inode *inode, int mask)
continue;
if (wh->minor != ~0 && wh->minor != iminor(inode))
continue;
continue;
if (wh->minor != ~0 && wh->minor != iminor(inode))
continue;
-acc_check:
+
if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
continue;
if ((mask & MAY_READ) && !(wh->access & ACC_READ))
continue;
if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
continue;
if ((mask & MAY_READ) && !(wh->access & ACC_READ))
continue;
+found:
rcu_read_unlock();
return 0;
}
rcu_read_unlock();
return 0;
}
@@
-527,7
+529,7
@@
int devcgroup_inode_mknod(int mode, dev_t dev)
list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
if (wh->type & DEV_ALL)
list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
if (wh->type & DEV_ALL)
- goto
acc_check
;
+ goto
found
;
if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))
continue;
if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))
if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))
continue;
if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))
@@
-536,9
+538,10
@@
int devcgroup_inode_mknod(int mode, dev_t dev)
continue;
if (wh->minor != ~0 && wh->minor != MINOR(dev))
continue;
continue;
if (wh->minor != ~0 && wh->minor != MINOR(dev))
continue;
-acc_check:
+
if (!(wh->access & ACC_MKNOD))
continue;
if (!(wh->access & ACC_MKNOD))
continue;
+found:
rcu_read_unlock();
return 0;
}
rcu_read_unlock();
return 0;
}