#include <linux/fcntl.h>
#include <linux/quotaops.h>
#include <linux/security.h>
+#include <linux/vs_base.h>
+#include <linux/proc_fs.h>
+#include <linux/devpts_fs.h>
/* Taken over from the old code... */
/* Make sure caller can chgrp. */
if ((ia_valid & ATTR_GID) &&
- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) &&
+ (current->fsuid != inode->i_uid ||
+ (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
!capable(CAP_CHOWN))
goto error;
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
goto error;
}
+
+ /* Check for evil vserver activity */
+ if (vx_check(0, VX_ADMIN))
+ goto fine;
+
+ if (IS_BARRIER(inode)) {
+ printk(KERN_WARNING
+ "VSW: xid=%d messing with the barrier.\n",
+ vx_current_xid());
+ goto error;
+ }
+ switch (inode->i_sb->s_magic) {
+ case PROC_SUPER_MAGIC:
+ printk(KERN_WARNING
+ "VSW: xid=%d messing with the procfs.\n",
+ vx_current_xid());
+ goto error;
+ case DEVPTS_SUPER_MAGIC:
+ if (vx_check(inode->i_xid, VX_IDENT))
+ goto fine;
+ printk(KERN_WARNING
+ "VSW: xid=%d messing with the devpts.\n",
+ vx_current_xid());
+ goto error;
+ }
fine:
retval = 0;
error:
inode->i_uid = attr->ia_uid;
if (ia_valid & ATTR_GID)
inode->i_gid = attr->ia_gid;
+ if (ia_valid & ATTR_XID)
+ inode->i_xid = attr->ia_xid;
if (ia_valid & ATTR_ATIME)
inode->i_atime = attr->ia_atime;
if (ia_valid & ATTR_MTIME)
dn_mask |= DN_ATTRIB;
if (ia_valid & ATTR_GID)
dn_mask |= DN_ATTRIB;
+ if (ia_valid & ATTR_XID)
+ dn_mask |= DN_ATTRIB;
if (ia_valid & ATTR_SIZE)
dn_mask |= DN_MODIFY;
/* both times implies a utime(s) call */
error = security_inode_setattr(dentry, attr);
if (!error) {
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
- (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
+ (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid) ||
+ (ia_valid & ATTR_XID && attr->ia_xid != inode->i_xid))
error = DQUOT_TRANSFER(inode, attr) ? -EDQUOT : 0;
if (!error)
error = inode_setattr(inode, attr);