This commit was manufactured by cvs2svn to create tag

[linux-2.6.git] / ipc / util.c

diff --git a/ipc/util.c b/ipc/util.c
index 727c332..964520e 100644 (file)
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -24,6 +24,9 @@
 #include <linux/security.h>
 #include <linux/rcupdate.h>
 #include <linux/workqueue.h>
+#include <linux/vs_base.h>
+
+#include <asm/unistd.h>
 
 #include <asm/unistd.h>
 
@@ -105,8 +108,10 @@ int ipc_findkey(struct ipc_ids* ids, key_t key)
         */
        for (id = 0; id <= max_id; id++) {
                p = ids->entries[id].p;
-               if(p==NULL)
+               if (p==NULL)
                        continue;
+               if (!vx_check(p->xid, VX_IDENT))
+                       continue;       
                if (key == p->key)
                        return id;
        }
@@ -384,6 +389,8 @@ int ipcperms (struct kern_ipc_perm *ipcp, short flag)
 {      /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */
        int requested_mode, granted_mode;
 
+       if (!vx_check(ipcp->xid, VX_ADMIN|VX_IDENT)) /* maybe just VX_IDENT? */
+               return -1;
        requested_mode = (flag >> 6) | (flag >> 3) | flag;
        granted_mode = ipcp->mode;
        if (current->euid == ipcp->cuid || current->euid == ipcp->uid)
@@ -392,8 +399,11 @@ int ipcperms (struct kern_ipc_perm *ipcp, short flag)
                granted_mode >>= 3;
        /* is there some bit set in requested_mode but not in granted_mode? */
        if ((requested_mode & ~granted_mode & 0007) && 
-           !capable(CAP_IPC_OWNER))
-               return -1;
+           !capable(CAP_IPC_OWNER)) {
+               if (!can_do_mlock())  {
+                       return -1;
+               }
+       }       
 
        return security_ipc_permission(ipcp, flag);
 }