diff options
author | Philipp Reisner <philipp.reisner@linbit.com> | 2009-10-06 09:30:14 +0200 |
---|---|---|
committer | Jens Axboe <jens.axboe@oracle.com> | 2009-10-06 09:30:14 +0200 |
commit | 9f5180e5c331d7b3ccc35e1a78072235d38f9f34 (patch) | |
tree | d4d116f9bee360007c15b50fee86bf3a27566102 /drivers/block/drbd | |
parent | 25d2d4edfa509b69fe4832094b8a07e634363ba3 (diff) | |
download | talos-op-linux-9f5180e5c331d7b3ccc35e1a78072235d38f9f34.tar.gz talos-op-linux-9f5180e5c331d7b3ccc35e1a78072235d38f9f34.zip |
drbd: Work on permission enforcement
Now we have the capabilities of the sending process available,
use them to enforce CAP_SYS_ADMIN.
Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Diffstat (limited to 'drivers/block/drbd')
-rw-r--r-- | drivers/block/drbd/drbd_nl.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c index 73c55ccb629a..22538d9628f1 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c @@ -2000,7 +2000,7 @@ static struct cn_handler_struct cnd_table[] = { [ P_new_c_uuid ] = { &drbd_nl_new_c_uuid, 0 }, }; -static void drbd_connector_callback(struct cn_msg *req) +static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms *nsp) { struct drbd_nl_cfg_req *nlp = (struct drbd_nl_cfg_req *)req->data; struct cn_handler_struct *cm; @@ -2017,6 +2017,11 @@ static void drbd_connector_callback(struct cn_msg *req) return; } + if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) { + retcode = ERR_PERM; + goto fail; + } + mdev = ensure_mdev(nlp); if (!mdev) { retcode = ERR_MINOR_INVALID; |