summaryrefslogtreecommitdiffstats
path: root/drivers/block/drbd
diff options
context:
space:
mode:
authorPhilipp Reisner <philipp.reisner@linbit.com>2009-10-06 09:30:14 +0200
committerJens Axboe <jens.axboe@oracle.com>2009-10-06 09:30:14 +0200
commit9f5180e5c331d7b3ccc35e1a78072235d38f9f34 (patch)
treed4d116f9bee360007c15b50fee86bf3a27566102 /drivers/block/drbd
parent25d2d4edfa509b69fe4832094b8a07e634363ba3 (diff)
downloadtalos-op-linux-9f5180e5c331d7b3ccc35e1a78072235d38f9f34.tar.gz
talos-op-linux-9f5180e5c331d7b3ccc35e1a78072235d38f9f34.zip
drbd: Work on permission enforcement
Now we have the capabilities of the sending process available, use them to enforce CAP_SYS_ADMIN. Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Diffstat (limited to 'drivers/block/drbd')
-rw-r--r--drivers/block/drbd/drbd_nl.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
index 73c55ccb629a..22538d9628f1 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -2000,7 +2000,7 @@ static struct cn_handler_struct cnd_table[] = {
[ P_new_c_uuid ] = { &drbd_nl_new_c_uuid, 0 },
};
-static void drbd_connector_callback(struct cn_msg *req)
+static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms *nsp)
{
struct drbd_nl_cfg_req *nlp = (struct drbd_nl_cfg_req *)req->data;
struct cn_handler_struct *cm;
@@ -2017,6 +2017,11 @@ static void drbd_connector_callback(struct cn_msg *req)
return;
}
+ if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) {
+ retcode = ERR_PERM;
+ goto fail;
+ }
+
mdev = ensure_mdev(nlp);
if (!mdev) {
retcode = ERR_MINOR_INVALID;
OpenPOWER on IntegriCloud