Skip to content

cloud-kernel
cloud-kernel

openanolis / cloud-kernel
大约 1 年 前同步成功

通知 158
Star 36
Fork 7
cloud-kernel
cloud-kernel

体验新版 GitCode,发现更多精彩内容 >>

提交 7db9cfd3 编写于 作者: P Pavel Emelyanov 提交者: Linus Torvalds
浏览文件
操作

devscgroup: check for device permissions at mount time 

Currently even if a task sits in an all-denied cgroup it can still mount
any block device in any mode it wants.

Put a proper check in do_open for block device to prevent this.
Signed-off-by: NPavel Emelyanov <xemul@openvz.org>
Acked-by: NSerge Hallyn <serue@us.ibm.com>
Tested-by: NSerge Hallyn <serue@us.ibm.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 cc9cb219
显示空白变更内容
内联 并排
Showing with 7 addition and 1 deletion
fs/block_dev.c
浏览文件 @ 7db9cfd3
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
#include <linux/kmod.h> #include <linux/kmod.h>
#include <linux/major.h> #include <linux/major.h>
#include <linux/smp_lock.h> #include <linux/smp_lock.h>
#include <linux/device_cgroup.h>
#include <linux/highmem.h> #include <linux/highmem.h>
#include <linux/blkdev.h> #include <linux/blkdev.h>
#include <linux/module.h> #include <linux/module.h>
...@@ -928,9 +929,14 @@ static int do_open(struct block_device *bdev, struct file *file, int for_part) ...@@ -928,9 +929,14 @@ static int do_open(struct block_device *bdev, struct file *file, int for_part)
{ {
struct module *owner = NULL; struct module *owner = NULL;
struct gendisk *disk; struct gendisk *disk;
int ret = -ENXIO; int ret;
int part; int part;
ret = devcgroup_inode_permission(bdev->bd_inode, file->f_mode);
if (ret != 0)
return ret;
ret = -ENXIO;
file->f_mapping = bdev->bd_inode->i_mapping; file->f_mapping = bdev->bd_inode->i_mapping;
lock_kernel(); lock_kernel();
disk = get_gendisk(bdev->bd_dev, &part); disk = get_gendisk(bdev->bd_dev, &part);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册