On Sat, 2002-04-27 at 21:52, Chris Wright wrote:
> Thanks for working on this change, it's been on the LSM todo list as well.
> It looks like the patch is still all CAP_SYS_ADMIN, perhaps you attached
> the wrong one. I see one fsuser() check in fs/ufs/balloc.c that should
> be converted also.
>
> cheers,
> -chris
>
I diffed the wrong versions. Attached is a new patch, with the
ufs/balloc.c changes, and the more specific capabilities suggested by
Alan. I spent some more time greping, and can't see anymore instances of
suser().
Colin
-- ----- GPG Key 0x626FD58E; wwwkeys.pgp.net 6788 94B7 A407 A1D4 1B05 2559 FD52 D2D0 626F D58E
diff -Nru a/arch/i386/kernel/mtrr.c b/arch/i386/kernel/mtrr.c --- a/arch/i386/kernel/mtrr.c Sun Apr 28 12:41:49 2002 +++ b/arch/i386/kernel/mtrr.c Sun Apr 28 12:41:49 2002 @@ -1659,7 +1659,7 @@ char *ptr; char line[LINE_SIZE]; - if ( !suser () ) return -EPERM; + if ( !capable(CAP_SYS_ADMIN)) return -EPERM; /* Can't seek (pwrite) on this device */ if (ppos != &file->f_pos) return -ESPIPE; memset (line, 0, LINE_SIZE); @@ -1727,28 +1727,28 @@ default: return -ENOIOCTLCMD; case MTRRIOC_ADD_ENTRY: - if ( !suser () ) return -EPERM; + if ( ! capable(CAP_SYS_ADMIN) ) return -EPERM; if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) ) return -EFAULT; err = mtrr_file_add (sentry.base, sentry.size, sentry.type, 1, file, 0); if (err < 0) return err; break; case MTRRIOC_SET_ENTRY: - if ( !suser () ) return -EPERM; + if ( !capable(CAP_SYS_ADMIN) ) return -EPERM; if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) ) return -EFAULT; err = mtrr_add (sentry.base, sentry.size, sentry.type, 0); if (err < 0) return err; break; case MTRRIOC_DEL_ENTRY: - if ( !suser () ) return -EPERM; + if ( !capable(CAP_SYS_ADMIN) ) return -EPERM; if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) ) return -EFAULT; err = mtrr_file_del (sentry.base, sentry.size, file, 0); if (err < 0) return err; break; case MTRRIOC_KILL_ENTRY: - if ( !suser () ) return -EPERM; + if ( !capable(CAP_SYS_ADMIN) ) return -EPERM; if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) ) return -EFAULT; err = mtrr_del (-1, sentry.base, sentry.size); @@ -1773,28 +1773,28 @@ return -EFAULT; break; case MTRRIOC_ADD_PAGE_ENTRY: - if ( !suser () ) return -EPERM; + if ( !capable(CAP_SYS_ADMIN) ) return -EPERM; if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) ) return -EFAULT; err = mtrr_file_add (sentry.base, sentry.size, sentry.type, 1, file, 1); if (err < 0) return err; break; case MTRRIOC_SET_PAGE_ENTRY: - if ( !suser () ) return -EPERM; + if ( !capable(CAP_SYS_ADMIN) ) return -EPERM; if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) ) return -EFAULT; err = mtrr_add_page (sentry.base, sentry.size, sentry.type, 0); if (err < 0) return err; break; case MTRRIOC_DEL_PAGE_ENTRY: - if ( !suser () ) return -EPERM; + if ( !capable(CAP_SYS_ADMIN) ) return -EPERM; if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) ) return -EFAULT; err = mtrr_file_del (sentry.base, sentry.size, file, 1); if (err < 0) return err; break; case MTRRIOC_KILL_PAGE_ENTRY: - if ( !suser () ) return -EPERM; + if ( !capable(CAP_SYS_ADMIN) ) return -EPERM; if ( copy_from_user (&sentry, (void *) arg, sizeof sentry) ) return -EFAULT; err = mtrr_del_page (-1, sentry.base, sentry.size); diff -Nru a/arch/ppc64/kernel/ioctl32.c b/arch/ppc64/kernel/ioctl32.c --- a/arch/ppc64/kernel/ioctl32.c Sun Apr 28 12:41:49 2002 +++ b/arch/ppc64/kernel/ioctl32.c Sun Apr 28 12:41:49 2002 @@ -1559,9 +1559,9 @@ /* * To have permissions to do most of the vt ioctls, we either have - * to be the owner of the tty, or super-user. + * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. */ - if (current->tty == tty || suser()) + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG)) return 1; return 0; } diff -Nru a/arch/sparc64/kernel/ioctl32.c b/arch/sparc64/kernel/ioctl32.c --- a/arch/sparc64/kernel/ioctl32.c Sun Apr 28 12:41:49 2002 +++ b/arch/sparc64/kernel/ioctl32.c Sun Apr 28 12:41:49 2002 @@ -2058,9 +2058,9 @@ /* * To have permissions to do most of the vt ioctls, we either have - * to be the owner of the tty, or super-user. + * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. */ - if (current->tty == tty || suser()) + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG)) return 1; return 0; } diff -Nru a/arch/x86_64/ia32/ia32_ioctl.c b/arch/x86_64/ia32/ia32_ioctl.c --- a/arch/x86_64/ia32/ia32_ioctl.c Sun Apr 28 12:41:49 2002 +++ b/arch/x86_64/ia32/ia32_ioctl.c Sun Apr 28 12:41:49 2002 @@ -1648,9 +1648,9 @@ /* * To have permissions to do most of the vt ioctls, we either have - * to be the owner of the tty, or super-user. + * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. */ - if (current->tty == tty || suser()) + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG)) return 1; return 0; } diff -Nru a/arch/x86_64/kernel/mtrr.c b/arch/x86_64/kernel/mtrr.c --- a/arch/x86_64/kernel/mtrr.c Sun Apr 28 12:41:49 2002 +++ b/arch/x86_64/kernel/mtrr.c Sun Apr 28 12:41:49 2002 @@ -983,7 +983,7 @@ char *ptr; char line[LINE_SIZE]; - if (!suser ()) + if (!capable (CAP_SYS_ADMIN)) return -EPERM; /* Can't seek (pwrite) on this device */ @@ -1071,7 +1071,7 @@ return -ENOIOCTLCMD; case MTRRIOC_ADD_ENTRY: - if (!suser ()) + if (!capable (CAP_SYS_ADMIN)) return -EPERM; if (copy_from_user (&sentry, (void *) arg, sizeof sentry)) return -EFAULT; @@ -1083,7 +1083,7 @@ break; case MTRRIOC_SET_ENTRY: - if (!suser ()) + if (!capable (CAP_SYS_ADMIN)) return -EPERM; if (copy_from_user (&sentry, (void *) arg, sizeof sentry)) return -EFAULT; @@ -1093,7 +1093,7 @@ break; case MTRRIOC_DEL_ENTRY: - if (!suser ()) + if (!capable (CAP_SYS_ADMIN)) return -EPERM; if (copy_from_user (&sentry, (void *) arg, sizeof sentry)) return -EFAULT; @@ -1103,7 +1103,7 @@ break; case MTRRIOC_KILL_ENTRY: - if (!suser ()) + if (!capable (CAP_SYS_ADMIN)) return -EPERM; if (copy_from_user (&sentry, (void *) arg, sizeof sentry)) return -EFAULT; @@ -1134,7 +1134,7 @@ break; case MTRRIOC_ADD_PAGE_ENTRY: - if (!suser ()) + if (!capable (CAP_SYS_ADMIN)) return -EPERM; if (copy_from_user (&sentry, (void *) arg, sizeof sentry)) return -EFAULT; @@ -1146,7 +1146,7 @@ break; case MTRRIOC_SET_PAGE_ENTRY: - if (!suser ()) + if (!capable (CAP_SYS_ADMIN)) return -EPERM; if (copy_from_user (&sentry, (void *) arg, sizeof sentry)) return -EFAULT; @@ -1156,7 +1156,7 @@ break; case MTRRIOC_DEL_PAGE_ENTRY: - if (!suser ()) + if (!capable (CAP_SYS_ADMIN)) return -EPERM; if (copy_from_user (&sentry, (void *) arg, sizeof sentry)) return -EFAULT; @@ -1166,7 +1166,7 @@ break; case MTRRIOC_KILL_PAGE_ENTRY: - if (!suser ()) + if (!capable (CAP_SYS_ADMIN)) return -EPERM; if (copy_from_user (&sentry, (void *) arg, sizeof sentry)) return -EFAULT; diff -Nru a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c --- a/drivers/block/cpqarray.c Sun Apr 28 12:41:49 2002 +++ b/drivers/block/cpqarray.c Sun Apr 28 12:41:49 2002 @@ -787,7 +787,7 @@ if (ctlr > MAX_CTLR || hba[ctlr] == NULL) return -ENXIO; - if (!suser() && ida_sizes[(ctlr << CTLR_SHIFT) + + if (!capable(CAP_RAW_IO) && ida_sizes[(ctlr << CTLR_SHIFT) + minor(inode->i_rdev)] == 0) return -ENXIO; @@ -797,7 +797,7 @@ * but I'm already using way to many device nodes to claim another one * for "raw controller". */ - if (suser() + if (capable(CAP_SYS_ADMIN) && ida_sizes[(ctlr << CTLR_SHIFT) + minor(inode->i_rdev)] == 0 && minor(inode->i_rdev) != 0) return -ENXIO; @@ -1139,7 +1139,7 @@ case BLKRRPART: return revalidate_logvol(inode->i_rdev, 1); case IDAPASSTHRU: - if (!suser()) return -EPERM; + if (!capable(CAP_RAW_IO)) return -EPERM; error = copy_from_user(&my_io, io, sizeof(my_io)); if (error) return error; error = ida_ctlr_ioctl(ctlr, dsk, &my_io); diff -Nru a/drivers/block/swim3.c b/drivers/block/swim3.c --- a/drivers/block/swim3.c Sun Apr 28 12:41:49 2002 +++ b/drivers/block/swim3.c Sun Apr 28 12:41:49 2002 @@ -821,7 +821,7 @@ if (devnum >= floppy_count) return -ENODEV; - if ((cmd & 0x80) && !suser()) + if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN)) return -EPERM; fs = &floppy_states[devnum]; diff -Nru a/drivers/block/swim_iop.c b/drivers/block/swim_iop.c --- a/drivers/block/swim_iop.c Sun Apr 28 12:41:49 2002 +++ b/drivers/block/swim_iop.c Sun Apr 28 12:41:49 2002 @@ -349,7 +349,7 @@ if (devnum >= floppy_count) return -ENODEV; - if ((cmd & 0x80) && !suser()) + if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN)) return -EPERM; fs = &floppy_states[devnum]; diff -Nru a/drivers/char/ip2main.c b/drivers/char/ip2main.c --- a/drivers/char/ip2main.c Sun Apr 28 12:41:49 2002 +++ b/drivers/char/ip2main.c Sun Apr 28 12:41:49 2002 @@ -2660,7 +2660,7 @@ old_flags = pCh->flags; old_baud_divisor = pCh->BaudDivisor; - if ( !suser() ) { + if ( !capable(CAP_SYS_ADMIN) ) { if ( ( ns.close_delay != pCh->ClosingDelay ) || ( (ns.flags & ~ASYNC_USR_MASK) != (pCh->flags & ~ASYNC_USR_MASK) ) ) { diff -Nru a/drivers/char/moxa.c b/drivers/char/moxa.c --- a/drivers/char/moxa.c Sun Apr 28 12:41:49 2002 +++ b/drivers/char/moxa.c Sun Apr 28 12:41:49 2002 @@ -2799,7 +2799,7 @@ (new_serial.baud_base != 921600)) return (-EPERM); - if (!suser()) { + if (!capable(CAP_SYS_ADMIN)) { if (((new_serial.flags & ~ASYNC_USR_MASK) != (info->asyncflags & ~ASYNC_USR_MASK))) return (-EPERM); diff -Nru a/drivers/char/mxser.c b/drivers/char/mxser.c --- a/drivers/char/mxser.c Sun Apr 28 12:41:49 2002 +++ b/drivers/char/mxser.c Sun Apr 28 12:41:49 2002 @@ -2199,7 +2199,7 @@ flags = info->flags & ASYNC_SPD_MASK; - if (!suser()) { + if (!capable(CAP_SYS_ADMIN)) { if ((new_serial.baud_base != info->baud_base) || (new_serial.close_delay != info->close_delay) || ((new_serial.flags & ~ASYNC_USR_MASK) != diff -Nru a/drivers/char/rio/rio_linux.c b/drivers/char/rio/rio_linux.c --- a/drivers/char/rio/rio_linux.c Sun Apr 28 12:41:49 2002 +++ b/drivers/char/rio/rio_linux.c Sun Apr 28 12:41:49 2002 @@ -702,7 +702,7 @@ func_enter(); /* The "dev" argument isn't used. */ - rc = -riocontrol (p, 0, cmd, (void *)arg, suser ()); + rc = -riocontrol (p, 0, cmd, (void *)arg, capable(CAP_SYS_ADMIN)); func_exit (); return rc; diff -Nru a/drivers/char/rocket.c b/drivers/char/rocket.c --- a/drivers/char/rocket.c Sun Apr 28 12:41:49 2002 +++ b/drivers/char/rocket.c Sun Apr 28 12:41:49 2002 @@ -1238,11 +1238,7 @@ if (copy_from_user(&new_serial, new_info, sizeof(new_serial))) return -EFAULT; -#ifdef CAP_SYS_ADMIN if (!capable(CAP_SYS_ADMIN)) -#else - if (!suser()) -#endif { if ((new_serial.flags & ~ROCKET_USR_MASK) != (info->flags & ~ROCKET_USR_MASK)) diff -Nru a/drivers/char/serial167.c b/drivers/char/serial167.c --- a/drivers/char/serial167.c Sun Apr 28 12:41:49 2002 +++ b/drivers/char/serial167.c Sun Apr 28 12:41:49 2002 @@ -1472,7 +1472,7 @@ return -EFAULT; old_info = *info; - if (!suser()) { + if (!capable(CAP_SYS_ADMIN)) { if ((new_serial.close_delay != info->close_delay) || ((new_serial.flags & ASYNC_FLAGS & ~ASYNC_USR_MASK) != (info->flags & ASYNC_FLAGS & ~ASYNC_USR_MASK))) diff -Nru a/drivers/char/tty_io.c b/drivers/char/tty_io.c --- a/drivers/char/tty_io.c Sun Apr 28 12:41:49 2002 +++ b/drivers/char/tty_io.c Sun Apr 28 12:41:49 2002 @@ -1370,7 +1370,7 @@ retval = -ENODEV; filp->f_flags = saved_flags; - if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser()) + if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) retval = -EBUSY; if (retval) { @@ -1472,7 +1472,7 @@ { char ch, mbz = 0; - if ((current->tty != tty) && !suser()) + if ((current->tty != tty) && !capable(CAP_SYS_ADMIN)) return -EPERM; if (get_user(ch, arg)) return -EFAULT; @@ -1510,7 +1510,7 @@ { if (IS_SYSCONS_DEV(inode->i_rdev) || IS_CONSOLE_DEV(inode->i_rdev)) { - if (!suser()) + if (!capable(CAP_SYS_ADMIN)) return -EPERM; redirect = NULL; return 0; @@ -1552,7 +1552,7 @@ * This tty is already the controlling * tty for another session group! */ - if ((arg == 1) && suser()) { + if ((arg == 1) && capable(CAP_SYS_ADMIN)) { /* * Steal it away */ diff -Nru a/drivers/char/vt.c b/drivers/char/vt.c --- a/drivers/char/vt.c Sun Apr 28 12:41:49 2002 +++ b/drivers/char/vt.c Sun Apr 28 12:41:49 2002 @@ -440,10 +440,10 @@ /* * To have permissions to do most of the vt ioctls, we either have - * to be the owner of the tty, or super-user. + * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. */ perm = 0; - if (current->tty == tty || suser()) + if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG)) perm = 1; kbd = kbd_table + console; @@ -508,7 +508,7 @@ { struct kbd_repeat kbrep; - if (!capable(CAP_SYS_ADMIN)) + if (!capable(CAP_SYS_TTY_CONFIG)) return -EPERM; if (copy_from_user(&kbrep, (void *)arg, @@ -621,7 +621,7 @@ case KDGETKEYCODE: case KDSETKEYCODE: - if(!capable(CAP_SYS_ADMIN)) + if(!capable(CAP_SYS_TTY_CONFIG)) perm=0; return do_kbkeycode_ioctl(cmd, (struct kbkeycode *)arg, perm); @@ -1038,12 +1038,12 @@ return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm); case VT_LOCKSWITCH: - if (!suser()) + if (!capable(CAP_SYS_TTY_CONFIG)) return -EPERM; vt_dont_switch = 1; return 0; case VT_UNLOCKSWITCH: - if (!suser()) + if (!capable(CAP_SYS_TTY_CONFIG)) return -EPERM; vt_dont_switch = 0; return 0; diff -Nru a/drivers/media/video/zr36120.c b/drivers/media/video/zr36120.c --- a/drivers/media/video/zr36120.c Sun Apr 28 12:41:49 2002 +++ b/drivers/media/video/zr36120.c Sun Apr 28 12:41:49 2002 @@ -1291,11 +1291,7 @@ case VIDIOCSFBUF: { struct video_buffer v; -#if LINUX_VERSION_CODE >= 0x020100 - if(!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_ADMIN)) -#else - if(!suser()) -#endif + if(!capable(CAP_SYS_ADMIN)) return -EPERM; if (copy_from_user(&v, arg,sizeof(v))) return -EFAULT; diff -Nru a/drivers/pcmcia/ds.c b/drivers/pcmcia/ds.c --- a/drivers/pcmcia/ds.c Sun Apr 28 12:41:49 2002 +++ b/drivers/pcmcia/ds.c Sun Apr 28 12:41:49 2002 @@ -830,7 +830,7 @@ err = unbind_request(i, &buf.bind_info); break; case DS_BIND_MTD: - if (!suser()) return -EPERM; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; err = bind_mtd(i, &buf.mtd_info); break; default: diff -Nru a/drivers/s390/char/tubtty.c b/drivers/s390/char/tubtty.c --- a/drivers/s390/char/tubtty.c Sun Apr 28 12:41:49 2002 +++ b/drivers/s390/char/tubtty.c Sun Apr 28 12:41:49 2002 @@ -561,7 +561,7 @@ /* * Superuser-mode settings affect the driver overall --- */ - if (!suser()) { + if (!capable(CAP_SYS_TTY_CONFIG)) { return -EPERM; } else if (strncmp(mybuf, "index=", 6) == 0) { tty3270_proc_index = simple_strtoul(mybuf + 6, 0,0); diff -Nru a/drivers/scsi/cpqfcTSinit.c b/drivers/scsi/cpqfcTSinit.c --- a/drivers/scsi/cpqfcTSinit.c Sun Apr 28 12:41:49 2002 +++ b/drivers/scsi/cpqfcTSinit.c Sun Apr 28 12:41:49 2002 @@ -532,7 +532,7 @@ // must be super user to send stuff directly to the // controller and/or physical drives... - if( !suser() ) + if( !capable(CAP_RAW_IO) ) return -EPERM; // copy the caller's struct to our space. diff -Nru a/fs/ufs/balloc.c b/fs/ufs/balloc.c --- a/fs/ufs/balloc.c Sun Apr 28 12:41:49 2002 +++ b/fs/ufs/balloc.c Sun Apr 28 12:41:49 2002 @@ -288,7 +288,7 @@ /* * There is not enough space for user on the device */ - if (!fsuser() && ufs_freespace(usb1, UFS_MINFREE) <= 0) { + if (!capable(CAP_SYS_RESOURCE) && ufs_freespace(usb1, UFS_MINFREE) <= 0) { unlock_super (sb); UFSD(("EXIT (FAILED)\n")) return 0;
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Apr 30 2002 - 22:00:16 EST