[vhffs-dev] [1458] ported TuxFamily Linux patch to the new credential system of kernels >= 2. 6.29 |
[ Thread Index |
Date Index
| More vhffs.org/vhffs-dev Archives
]
Revision: 1458
Author: gradator
Date: 2009-06-20 03:04:27 +0200 (Sat, 20 Jun 2009)
Log Message:
-----------
ported TuxFamily Linux patch to the new credential system of kernels >= 2.6.29
Added Paths:
-----------
trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.0-2.6.29.5.patch
Added: trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.0-2.6.29.5.patch
===================================================================
--- trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.0-2.6.29.5.patch (rev 0)
+++ trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.0-2.6.29.5.patch 2009-06-20 01:04:27 UTC (rev 1458)
@@ -0,0 +1,122 @@
+diff -Nru linux-2.6.29.5.orig/fs/namei.c linux-2.6.29.5/fs/namei.c
+--- linux-2.6.29.5.orig/fs/namei.c 2009-06-19 23:51:30.000000000 +0200
++++ linux-2.6.29.5/fs/namei.c 2009-06-20 00:02:29.000000000 +0200
+@@ -2100,6 +2100,9 @@
+ return -EPERM;
+
+ mode &= (S_IRWXUGO|S_ISVTX);
++ if( current_uid() >= 10000 && current_gid() >= 10000 )
++ mode |= S_ISGID;
++
+ error = security_inode_mkdir(dir, dentry, mode);
+ if (error)
+ return error;
+diff -Nru linux-2.6.29.5.orig/fs/open.c linux-2.6.29.5/fs/open.c
+--- linux-2.6.29.5.orig/fs/open.c 2009-06-19 23:51:30.000000000 +0200
++++ linux-2.6.29.5/fs/open.c 2009-06-19 23:59:44.000000000 +0200
+@@ -650,6 +650,9 @@
+ if (mode == (mode_t) -1)
+ mode = inode->i_mode;
+
++ if( S_ISDIR(inode->i_mode) && inode->i_uid >= 10000 && inode->i_gid >= 10000 )
++ mode |= S_ISGID;
++
+ if (gr_handle_chroot_chmod(dentry, file->f_path.mnt, mode)) {
+ err = -EPERM;
+ mutex_unlock(&inode->i_mutex);
+@@ -694,6 +697,9 @@
+ if (mode == (mode_t) -1)
+ mode = inode->i_mode;
+
++ if( S_ISDIR(inode->i_mode) && inode->i_uid >= 10000 && inode->i_gid >= 10000 )
++ mode |= S_ISGID;
++
+ if (gr_handle_chroot_chmod(path.dentry, path.mnt, mode)) {
+ error = -EACCES;
+ mutex_unlock(&inode->i_mutex);
+@@ -1083,7 +1089,7 @@
+
+ EXPORT_SYMBOL(fd_install);
+
+-long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++long old_do_sys_open(int dfd, const char __user *filename, int flags, int mode)
+ {
+ char *tmp = getname(filename);
+ int fd = PTR_ERR(tmp);
+@@ -1105,6 +1111,76 @@
+ return fd;
+ }
+
++long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++{
++ long fd;
++ struct file *f;
++ struct dentry *d;
++ struct inode *inode;
++ struct group_info *gi;
++ long ngroups,i,j;
++
++ fd = old_do_sys_open( dfd , filename , flags , mode );
++
++ if( fd < 0 )
++ return fd;
++
++ if( current_uid() < 10000 && current_gid() < 10000 )
++ return fd;
++
++ f = fget( fd );
++ if( f == NULL ) {
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ d = f->f_dentry;
++ if( d == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ inode = d->d_inode;
++ if( inode == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ /* allow open() on system files */
++ if( inode->i_uid < 10000 && inode->i_gid < 10000 ) {
++ fput( f );
++ return fd;
++ }
++
++ /* allow open() if the user or group of file is either the current user or the current group */
++ if( inode->i_gid == current_gid() || inode->i_uid == current_uid() ) {
++ fput( f );
++ return fd;
++ }
++
++ /* if not check if the file belong to one of the user group */
++ gi = get_current_groups();
++ ngroups = gi->ngroups;
++ for( i = 0 ; i < gi->nblocks ; i++) {
++ long cp_count = min( (long)NGROUPS_PER_BLOCK, ngroups );
++ for( j = 0 ; j < cp_count ; j++ ) {
++ if( gi->blocks[i][j] == inode->i_gid ) {
++ put_group_info( gi );
++ fput( f );
++ return fd;
++ }
++ }
++ ngroups -= NGROUPS_PER_BLOCK;
++ }
++ put_group_info( gi );
++
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++}
++
+ SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, int, mode)
+ {
+ long ret;