X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=procprotect.c;h=88e88beb2aeee1f0d678dc7a0db6eea953392b85;hb=2e88758926e7c4560f2255b4aeb6a95bbeb5460f;hp=c59d42e4b78173023ff94a9c1750323b0ea46bc1;hpb=71ef859a01e467cf31e1ce4fe9203721f7e1e57a;p=procprotect.git diff --git a/procprotect.c b/procprotect.c index c59d42e..88e88be 100644 --- a/procprotect.c +++ b/procprotect.c @@ -113,9 +113,7 @@ static int lookup_fast_ret(struct kretprobe_instance *ri, struct pt_regs *regs) /* The kernel is going to honor the request. Here's where we step in */ struct inode *inode = *(ctx->inode); if (!run_acl(inode->i_ino)) { - if (current->nsproxy->mnt_ns!=init_task.nsproxy->mnt_ns) { - regs->ax = -EPERM; - } + regs->ax = -EPERM; } } @@ -158,12 +156,14 @@ static int lookup_slow_ret(struct kretprobe_instance *ri, struct pt_regs *regs) if (ret==0) { /* The kernel is going to honor the request. Here's where we step in */ + /*struct qstr *q = ctx->q; + if (!strncmp(q->name,"sysrq-trigger",13)) { + printk(KERN_CRIT "lookup_slow sysrqtrigger"); + }*/ struct path *p = ctx->path; struct inode *inode = p->dentry->d_inode; if (!run_acl(inode->i_ino)) { - if (current->nsproxy->mnt_ns!=init_task.nsproxy->mnt_ns) { - regs->ax = -EPERM; - } + regs->ax = -EPERM; } } @@ -177,12 +177,17 @@ struct open_flags { int intent; }; -static struct file *do_last_probe(struct nameidata *nd, struct path *path, +static struct file *do_last_probe(struct nameidata *nd, struct path *path, struct file *file, struct open_flags *op, const char *pathname) { struct dentry *parent = nd->path.dentry; struct inode *pinode = parent->d_inode; + struct qstr *q = &nd->last; + if (pinode->i_sb->s_magic == PROC_SUPER_MAGIC && current->nsproxy->mnt_ns!=init_task.nsproxy->mnt_ns) { + /*if (!strncmp(q->name,"sysrq-trigger",13)) { + printk(KERN_CRIT "do_last sysrqtrigger: %d",op->open_flag); + }*/ op->open_flag &= ~O_CREAT; } jprobe_return(); 
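Review bot: In lookup_fast_ret, `inode->i_ino` is read without checking that `*(ctx->inode)` is non-NULL, and lookup_slow_ret does the same with `p->dentry->d_inode`. If a lookup can return 0 for a negative dentry, which the visible lines do not rule out, this is a NULL dereference inside a kretprobe handler. Guarding the test, for example `if (inode && !run_acl(inode->i_ino))`, would keep the handler safe. The entry handlers that fill `ctx` are outside the hunk, so confirm whether they already filter this case; both functions also start before their hunks.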
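Review bot: The block added to lookup_slow_ret is commented-out debug code (`/*struct qstr *q = ctx->q; ... }*/`), and do_last_probe gains a similar one; dead code next to the policy check makes a security hook harder to audit. In do_last_probe it also leaves the new `struct qstr *q = &nd->last;` used only inside the comment, which will produce an unused-variable warning. Either delete both blocks together with `q`, or turn them into `pr_debug(...)` calls with a trailing `\n` so the tracing can be enabled without editing the source. lookup_slow_ret begins and ends outside the hunk.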
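Review bot: do_last_probe still clears `O_CREAT` only when `current->nsproxy->mnt_ns!=init_task.nsproxy->mnt_ns`, while this commit removes the same exemption from lookup_fast_ret and lookup_slow_ret, so the hooks now disagree about whether tasks in the initial mount namespace are restricted. If the difference is intended, state it in a comment above the condition, e.g. `/* init mount namespace keeps O_CREAT on /proc; lookups are denied in every namespace */`; otherwise drop the namespace test here as well. The condition also dereferences `current->nsproxy` without a NULL check, which may matter for a task that is exiting. The end of do_last_probe is outside the hunk.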
@@ -278,11 +283,12 @@ int procfile_write(struct file *file, const char *buffer, unsigned long count, v static int __init procprotect_init(void) { - printk("Procprotect: starting procprotect version %s with ACLs at path %s.\n", - VERSION_STR, aclpath); int ret; int i; + printk("Procprotect: starting procprotect version %s with ACLs at path %s.\n", + VERSION_STR, aclpath); + for(i=0;i