From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Alexey Dobriyan <adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: [PATCH 1/1] cr: use a new capability to authorize c/r
Date: Tue, 12 May 2009 10:07:13 -0500 [thread overview]
Message-ID: <20090512150713.GA32064@us.ibm.com> (raw)
Alexey,
do you object to this patch? The idea is to not give away any
privilege not otherwise needed.
thanks,
-serge
From b929e0b1c1a27e328ad04e8e651ddd5ec0496ccc Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Date: Tue, 12 May 2009 10:53:14 -0400
Subject: [PATCH 1/1] cr: use a new capability to authorize c/r
We're currently using CAP_SYS_ADMIN to allow sys_checkpoint() and
sys_restart(). It makes no sense to lump it in with all the other
things CAP_SYS_ADMIN implies.
Define CAP_CHECKPOINT_RESTART and use that instead.
Note that CAP_SYS_ADMIN will still be necessary for unsharing
namespaces, CAP_SETUID and CAP_SETGID for setting ids, etc.
Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
checkpoint/sys.c | 4 ++--
include/linux/capability.h | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/checkpoint/sys.c b/checkpoint/sys.c
index 255ebc1..5552478 100644
--- a/checkpoint/sys.c
+++ b/checkpoint/sys.c
@@ -281,7 +281,7 @@ asmlinkage long sys_checkpoint(pid_t pid, int fd, unsigned long flags)
if (flags & ~CKPT_USER_FLAGS)
return -EINVAL;
- if (!ckpt_unpriv_allowed && !capable(CAP_SYS_ADMIN))
+ if (!ckpt_unpriv_allowed && !capable(CAP_CHECKPOINT_RESTART))
return -EPERM;
if (pid == 0)
@@ -318,7 +318,7 @@ asmlinkage long sys_restart(int crid, int fd, unsigned long flags)
if (flags)
return -EINVAL;
- if (!ckpt_unpriv_allowed && !capable(CAP_SYS_ADMIN))
+ if (!ckpt_unpriv_allowed && !capable(CAP_CHECKPOINT_RESTART))
return -EPERM;
/* FIXME: for now, we use 'crid' as a pid */
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 572b5a0..a593391 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -357,7 +357,9 @@ struct cpu_vfs_cap_data {
#define CAP_MAC_ADMIN 33
-#define CAP_LAST_CAP CAP_MAC_ADMIN
+#define CAP_CHECKPOINT_RESTART 34
+
+#define CAP_LAST_CAP CAP_CHECKPOINT_RESTART
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
--
1.6.1
next reply other threads:[~2009-05-12 15:07 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-12 15:07 Serge E. Hallyn [this message]
[not found] ` <20090512150713.GA32064-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-05-12 20:59 ` [PATCH 1/1] cr: use a new capability to authorize c/r Alexey Dobriyan
[not found] ` <20090512205932.GA4346-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-05-12 21:17 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090512150713.GA32064@us.ibm.com \
--to=serue-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox